Hello community, here is the log from the commit of package libfastjson for openSUSE:Factory checked in at 2018-01-16 09:37:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libfastjson (Old) and /work/SRC/openSUSE:Factory/.libfastjson.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libfastjson" Tue Jan 16 09:37:49 2018 rev:8 rq:563851 version:0.99.8 Changes: -------- --- /work/SRC/openSUSE:Factory/libfastjson/libfastjson.changes 2017-11-16 13:58:56.870118451 +0100 +++ /work/SRC/openSUSE:Factory/.libfastjson.new/libfastjson.changes 2018-01-16 09:37:50.526407237 +0100 @@ -1,0 +2,9 @@ +Fri Jan 12 13:38:16 UTC 2018 - [email protected] + +- update to 0.99.8: + * make build under gcc7 with strict settings (warning==error) + * bugfix: constant key names not properly handled + * fix potentially invalid return value of fjson_object_iter_begin + * fix small potential memory leak in json_tokener + +------------------------------------------------------------------- Old: ---- libfastjson-0.99.7.tar.gz New: ---- libfastjson-0.99.8.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libfastjson.spec ++++++ --- /var/tmp/diff_new_pack.uL63oW/_old 2018-01-16 09:37:51.190376159 +0100 +++ /var/tmp/diff_new_pack.uL63oW/_new 2018-01-16 09:37:51.194375971 +0100 @@ -1,7 +1,7 @@ # # spec file for package libfastjson # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define somajor 4 Name: libfastjson -Version: 0.99.7 +Version: 0.99.8 Release: 0 Summary: Fast JSON parsing library, a fork of json-c License: MIT ++++++ libfastjson-0.99.7.tar.gz -> libfastjson-0.99.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/ChangeLog new/libfastjson-0.99.8/ChangeLog --- old/libfastjson-0.99.7/ChangeLog 2017-10-16 11:38:52.000000000 +0200 +++ new/libfastjson-0.99.8/ChangeLog 2017-12-18 12:04:30.000000000 +0100 @@ -1,3 +1,18 @@ +0.99.8 2017-12-18 +- make build under gcc7 with strict settings (warning==error) +- bugfix: constant key names not properly handled + if fjson_object_object_add_ex() is used with option + FJSON_OBJECT_KEY_IS_CONSTANT, fjson_object_object_del() will still + try to delete the key name. Depending on use, this can lead to + double-free, use-after-free or no problem. + see also https://github.com/rsyslog/rsyslog/issues/1839 + closes https://github.com/rsyslog/libfastjson/issues/148 +- fix potentially invalid return value of fjson_object_iter_begin + this could lead to callers doing improper opreations and thus + could lead to a segfault in callers + detected by Coverity scan, CID 198891 +- fix small potential memory leak in json_tokener (unlinkely to occur) + detected by Coverity Scan, CID 198890 0.99.7 2017-10-17 - added option for case-insensitive comparisons This permits to search for json keys in a case-sensitive way. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/configure new/libfastjson-0.99.8/configure --- old/libfastjson-0.99.7/configure 2017-10-16 11:43:18.000000000 +0200 +++ new/libfastjson-0.99.8/configure 2017-12-18 12:04:51.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libfastjson 0.99.7. +# Generated by GNU Autoconf 2.69 for libfastjson 0.99.8. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='libfastjson' PACKAGE_TARNAME='libfastjson' -PACKAGE_VERSION='0.99.7' -PACKAGE_STRING='libfastjson 0.99.7' +PACKAGE_VERSION='0.99.8' +PACKAGE_STRING='libfastjson 0.99.8' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1336,7 +1336,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libfastjson 0.99.7 to adapt to many kinds of systems. +\`configure' configures libfastjson 0.99.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1407,7 +1407,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libfastjson 0.99.7:";; + short | recursive ) echo "Configuration of libfastjson 0.99.8:";; esac cat <<\_ACEOF @@ -1525,7 +1525,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libfastjson configure 0.99.7 +libfastjson configure 0.99.8 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1948,7 +1948,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libfastjson $as_me 0.99.7, which was +It was created by libfastjson $as_me 0.99.8, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2838,7 +2838,7 @@ # Define the identity of the package. PACKAGE='libfastjson' - VERSION='0.99.7' + VERSION='0.99.8' cat >>confdefs.h <<_ACEOF @@ -14559,7 +14559,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libfastjson $as_me 0.99.7, which was +This file was extended by libfastjson $as_me 0.99.8, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14625,7 +14625,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libfastjson config.status 0.99.7 +libfastjson config.status 0.99.8 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/configure.ac new/libfastjson-0.99.8/configure.ac --- old/libfastjson-0.99.7/configure.ac 2017-10-16 11:40:10.000000000 +0200 +++ new/libfastjson-0.99.8/configure.ac 2017-12-18 12:02:59.000000000 +0100 @@ -1,7 +1,7 @@ AC_PREREQ(2.52) # Process this file with autoconf to produce a configure script. -AC_INIT([libfastjson], [0.99.7], [[email protected]]) +AC_INIT([libfastjson], [0.99.8], [[email protected]]) # AIXPORT START: Detect the underlying OS unamestr=$(uname) AM_CONDITIONAL([AIX], [test x$unamestr = xAIX]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/json_object.c new/libfastjson-0.99.8/json_object.c --- old/libfastjson-0.99.7/json_object.c 2017-10-16 11:33:40.000000000 +0200 +++ new/libfastjson-0.99.8/json_object.c 2017-12-16 11:45:04.000000000 +0100 @@ -510,7 +510,9 @@ { struct _fjson_child *const chld = _fjson_find_child(jso, key); if (chld != NULL) { - free((void*)chld->k); + if(!chld->flags.k_is_constant) { + free((void*)chld->k); + } fjson_object_put(chld->v); chld->flags.k_is_constant = 0; chld->k = NULL; @@ -658,6 +660,7 @@ case fjson_type_string: if (fjson_parse_int64(get_string_component(jso), &cint) == 0) return cint; + ATTR_FALLTHROUGH case fjson_type_null: case fjson_type_object: case fjson_type_array: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/json_object_iterator.c new/libfastjson-0.99.8/json_object_iterator.c --- old/libfastjson-0.99.7/json_object_iterator.c 2017-10-04 17:07:51.000000000 +0200 +++ new/libfastjson-0.99.8/json_object_iterator.c 2017-12-16 13:16:06.000000000 +0100 @@ -64,7 +64,11 @@ struct fjson_object_iterator fjson_object_iter_begin(struct fjson_object *const __restrict__ obj) { - struct fjson_object_iterator iter; + struct fjson_object_iterator iter = { + .objs_remain = 0, + .curr_idx = 0, + .pg = NULL + }; if(obj->o_type == fjson_type_object) { iter.objs_remain = obj->o.c_obj.nelem; @@ -77,8 +81,6 @@ fjson_object_iter_next(&iter); } } - } else { /* non-object */ - iter.objs_remain = 0; } return iter; } @@ -89,13 +91,11 @@ struct fjson_object_iterator fjson_object_iter_end(const struct fjson_object __attribute__((unused)) *obj) { - struct fjson_object_iterator iter; - - JASSERT(NULL != obj); - - /// @note the end condition is actually that no more entries are - /// present, so only set that property. - iter.objs_remain = 0; + struct fjson_object_iterator iter = { + .objs_remain = 0, + .curr_idx = 0, + .pg = NULL + }; return iter; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/json_object_private.h new/libfastjson-0.99.8/json_object_private.h --- old/libfastjson-0.99.7/json_object_private.h 2017-10-16 11:33:40.000000000 +0200 +++ new/libfastjson-0.99.8/json_object_private.h 2017-10-23 08:23:21.000000000 +0200 @@ -17,6 +17,13 @@ extern "C" { #endif +/* define a couple of attributes to improve cross-platform builds */ +#if __GNUC__ > 6 + #define ATTR_FALLTHROUGH __attribute__((fallthrough)); +#else + #define ATTR_FALLTHROUGH +#endif + #define LEN_DIRECT_STRING_DATA 32 /**< how many bytes are directly stored in fjson_object for strings? */ /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/json_print.c new/libfastjson-0.99.8/json_print.c --- old/libfastjson-0.99.7/json_print.c 2017-10-16 11:33:40.000000000 +0200 +++ new/libfastjson-0.99.8/json_print.c 2017-12-16 11:45:04.000000000 +0100 @@ -181,7 +181,8 @@ va_start(arguments, format); // format into the buffer, again - buffer->size += vsnprintf(buffer->buffer + buffer->filled, buffer->size - buffer->filled - 1, format, arguments); + buffer->size += vsnprintf(buffer->buffer + buffer->filled, + buffer->size - buffer->filled - 1, format, arguments); // clean up varargs va_end(arguments); @@ -283,7 +284,8 @@ case '\\': result += buffer_append(buffer, "\\\\", 2); break; case '/': result += buffer_append(buffer, "\\/", 2); break; default: - result += buffer_printf(buffer, "\\u00%c%c", fjson_hex_chars[*str >> 4], fjson_hex_chars[*str & 0xf]); + result += buffer_printf(buffer, "\\u00%c%c", + fjson_hex_chars[*str >> 4], fjson_hex_chars[*str & 0xf]); break; } start_offset = ++str; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/json_tokener.c new/libfastjson-0.99.8/json_tokener.c --- old/libfastjson-0.99.7/json_tokener.c 2017-10-04 17:07:51.000000000 +0200 +++ new/libfastjson-0.99.8/json_tokener.c 2017-12-16 13:16:06.000000000 +0100 @@ -32,6 +32,7 @@ #include "printbuf.h" #include "arraylist.h" #include "json_object.h" +#include "json_object_private.h" #include "json_tokener.h" #include "json_util.h" @@ -135,7 +136,8 @@ free(tok); } -static void fjson_tokener_reset_level(struct fjson_tokener *tok, int depth) +static void __attribute__((nonnull(1))) +fjson_tokener_reset_level(struct fjson_tokener *const tok, const int depth) { tok->stack[depth].state = fjson_tokener_state_eatws; tok->stack[depth].saved_state = fjson_tokener_state_start; @@ -145,7 +147,7 @@ tok->stack[depth].obj_field_name = NULL; } -void fjson_tokener_reset(struct fjson_tokener *tok) +void fjson_tokener_reset(struct fjson_tokener *const tok) { int i; if (!tok) @@ -157,7 +159,8 @@ tok->err = fjson_tokener_success; } -struct fjson_object *fjson_tokener_parse(const char *str) +struct fjson_object * __attribute__((nonnull(1))) +fjson_tokener_parse(const char *const str) { enum fjson_tokener_error jerr_ignored; struct fjson_object *obj; @@ -165,7 +168,9 @@ return obj; } -struct fjson_object *fjson_tokener_parse_verbose(const char *str, enum fjson_tokener_error *error) +struct fjson_object * __attribute__((nonnull(1, 2))) +fjson_tokener_parse_verbose(const char *const str, + enum fjson_tokener_error *const error) { struct fjson_tokener *tok; struct fjson_object *obj; @@ -251,6 +256,9 @@ the string length is less than INT32_MAX (2GB) */ if ((len < -1) || (len == -1 && strlen(str) > INT32_MAX)) { tok->err = fjson_tokener_error_size; +# ifdef HAVE_SETLOCALE + free(oldlocale); +# endif return NULL; } @@ -305,6 +313,8 @@ tok->err = fjson_tokener_error_parse_unexpected; goto out; } + /* TODO: verify if FALLTHROUGH is actually right! */ + ATTR_FALLTHROUGH case '"': state = fjson_tokener_state_string; printbuf_reset(tok->pb); @@ -543,12 +553,14 @@ if (got_hi_surrogate) { if (IS_LOW_SURROGATE(tok->ucs_char)) { - /* Recalculate the ucs_char, then fall thru to process normally */ + /* Recalculate the ucs_char, then fall thru to process + normally */ tok->ucs_char = DECODE_SURROGATE_PAIR(got_hi_surrogate, tok->ucs_char); } else { - /* Hi surrogate was not followed by a low surrogate */ + /* Hi surrogate was not followed by a low + * surrogate */ /* Replace the hi and process the rest normally */ printbuf_memappend_fast(tok->pb, (char *) @@ -556,10 +568,11 @@ 3); } got_hi_surrogate = 0; - /* clang static analyzer thins that got_hi_surrogate is never read, - * however, it is read on each iteration. So I assume clang has a false - * positive. We use the otherwise nonsense statement below to make it - * happy. + /* clang static analyzer thins that got_hi_surrogate + * is never read, * however, it is read on each + * iteration. So I assume clang has a false positive. + * We use the otherwise nonsense statement below to + * make it happy. */ if (got_hi_surrogate) { }; @@ -584,8 +597,9 @@ if ((tok->char_offset + 1 != len) && (tok->char_offset + 2 != len) && (str[1] == '\\') && (str[2] == 'u')) { - /* Advance through the 16 bit surrogate, and move on to the - * next sequence. The next step is to process the following + /* Advance through the 16 bit surrogate, and + * move on to the next sequence. The next + * step is to process the following * characters. */ if (!ADVANCE_CHAR(str, tok) @@ -608,11 +622,11 @@ } tok->ucs_char = 0; tok->st_pos = 0; - continue; /* other fjson_tokener_state_escape_unicode */ + continue;/* other fjson_tokener_state_escape_unicode */ } else { - /* Got a high surrogate without another sequence following - * it. Put a replacement char in for the hi surrogate - * and pretend we finished. + /* Got a high surrogate without another sequence + * following it. Put a replacement char in for + * the hi surrogate and pretend we finished. */ printbuf_memappend_fast(tok->pb, (char *) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libfastjson-0.99.7/tests/chk_version new/libfastjson-0.99.8/tests/chk_version --- old/libfastjson-0.99.7/tests/chk_version 2017-10-16 11:47:41.000000000 +0200 +++ new/libfastjson-0.99.8/tests/chk_version 2017-12-18 12:05:32.000000000 +0100 @@ -31,7 +31,7 @@ # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH -relink_command="(cd /home/rger/proj/libfastjson/tests; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; LD_LIBRARY_PATH=/home/rger/proj/phd/software/cplex/opl/bin/x86-64_linux/; export LD_LIBRARY_PATH; PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/home/rger/proj/phd/software/cplex/cplex/bin/x86-64_linux/:/home/rger/proj/phd/software/cplex/opl/bin/x86-64_linux/:/home/rger/proj/phd/software/cplex/opl/oplide; export PATH; clang -fno-strict-aliasing -Wall -Wextra -Wundef -Wnested-externs -Wwrite-strings -Wpointer-arith -Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls -Wno-unused-parameter -Wno-missing-field-initializers -Wdeclaration-after-statement -Wformat=2 -Wold-style-definition -Wcast-align -Wformat-nonliteral -Wformat-security -Wsign-compare -Wstrict-aliasing -Wshadow -Winline -Wpacked -Wmissing-format-attribute -Wmissing-noreturn -Winit-self -Wmissing-include-dirs -Warray-bounds -Wimplicit-function-declaration -Wreturn-type -Wswitch-enum -Wswitch-default -Werror -Wno-error=unused-parameter -Wno-error=missing-field-initializers -g -o \$progdir/\$file chk_version.o ../.libs/libfastjson.so ../.libs/libfastjson-internal.a -Wl,-rpath -Wl,/home/rger/proj/libfastjson/.libs)" +relink_command="(cd /home/rger/proj/libfastjson/tests; { test -z \"\${LIBRARY_PATH+set}\" || unset LIBRARY_PATH || { LIBRARY_PATH=; export LIBRARY_PATH; }; }; { test -z \"\${COMPILER_PATH+set}\" || unset COMPILER_PATH || { COMPILER_PATH=; export COMPILER_PATH; }; }; { test -z \"\${GCC_EXEC_PREFIX+set}\" || unset GCC_EXEC_PREFIX || { GCC_EXEC_PREFIX=; export GCC_EXEC_PREFIX; }; }; { test -z \"\${LD_RUN_PATH+set}\" || unset LD_RUN_PATH || { LD_RUN_PATH=; export LD_RUN_PATH; }; }; LD_LIBRARY_PATH=/home/rger/proj/phd/software/cplex/opl/bin/x86-64_linux/; export LD_LIBRARY_PATH; PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/home/rger/proj/phd/software/cplex/cplex/bin/x86-64_linux/:/home/rger/proj/phd/software/cplex/opl/bin/x86-64_linux/:/home/rger/proj/phd/software/cplex/opl/oplide:/home/rger/proj/coverty/cov-analysis-linux64-2017.07/bin; export PATH; gcc -fno-strict-aliasing -Wall -Wextra -Wundef -Wnested-externs -Wwrite-strings -Wpointer-arith -Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls -Wno-unused-parameter -Wno-missing-field-initializers -Wdeclaration-after-statement -Wformat=2 -Wold-style-definition -Wcast-align -Wformat-nonliteral -Wformat-security -Wsign-compare -Wstrict-aliasing -Wshadow -Winline -Wpacked -Wmissing-format-attribute -Wmissing-noreturn -Winit-self -Wmissing-include-dirs -Wunused-but-set-variable -Warray-bounds -Wimplicit-function-declaration -Wreturn-type -Wswitch-enum -Wswitch-default -Werror -Wno-suggest-attribute=format -Wno-error=unused-parameter -Wno-error=missing-field-initializers -g -o \$progdir/\$file chk_version.o ../.libs/libfastjson.so ../.libs/libfastjson-internal.a -Wl,-rpath -Wl,/home/rger/proj/libfastjson/.libs)" # This environment variable determines our operation mode. if test "$libtool_install_magic" = "%%%MAGIC variable%%%"; then
