Replace YAJL with c-json for JSON parsing and generation#171
Replace YAJL with c-json for JSON parsing and generation#171giuseppe wants to merge 7 commits intocontainers:mainfrom
Conversation
jnovy
left a comment
jnovy
left a comment
There was a problem hiding this comment.
Concern 1: json_object_new_string_len truncation:
In json_gen_string(), len is size_t but cast to (int) for json_object_new_string_len. For strings > 2GB this would silently truncate. Practically impossible in OCI spec contexts, but a SIZE_MAX > INT_MAX guard or comment would be defensive.
Concern 2: Residual handling semantic change
The old code stored residuals as a yajl_val tree (preserving exact in-memory structure). The new code serializes residuals to a JSON string (char *) and re-parses when generating output. This adds a serialize/parse round-trip. In practice json-c handles this well, but it's worth noting as a behavioral change - e.g., key ordering within residuals may change.
Concern 3: clang-format auto-formatting may cause inconsistency
generate.py now runs clang-format -i on generated files if clang-format is available. This means the generated output differs depending on whether clang-format is installed, which could cause confusion in CI or when comparing outputs across environments. Consider making this opt-in via a flag.
I'm happy we lean towards json-c here!
| json_object_put (g->root); | ||
| for (i = 0; i <= g->depth; i++) | ||
| { | ||
| free (g->pending_key[i]); |
There was a problem hiding this comment.
Memory leak:
// Current code:
for (i = 0; i <= g->depth; i++)
{
free (g->pending_key[i]);
}
// Should be:
for (i = 0; i <= g->depth; i++)
{
free (g->pending_key[i]);
json_object_put (g->stack[i]);
}
thanks! Addressed now |
|
LGTM |
giuseppe
force-pushed
the
use-c-json
branch
2 times, most recently
from
4fa111d to
989feb7
Compare
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
- actions/checkout v3.0.2/v2 -> v6 - uraimo/run-on-arch-action v3.0.1 -> v3.1.0 - Replace deprecated actions-rs/* with dtolnay/rust-toolchain and direct cargo commands Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Remove the honggfuzz HF_ITER code path that caused undefined reference errors when building with -DFUZZER. Wrap main() in #ifndef FUZZER so LibFuzzer can provide its own entry point. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Test parsing and round-trip generation of int64 and uint64 fields with boundary values: INT64_MAX, INT64_MIN, UINT64_MAX, values exceeding 32-bit range, negative values, and zero. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Expand the fuzzer from a single-mode runtime config parser to 7 modes covering all OCI spec parsers with round-trip testing (parse, generate, re-parse). Add honggfuzz-based CI fuzzing with Docker, matching the pattern used by crun. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Switch the JSON backend from the bundled yajl/yyjson to json-c (>= 0.14), which is widely available as a system package. - Replace all yajl/yyjson API calls with json-c equivalents - Implement a thin json_gen_ctx layer that builds json_object trees, matching the old yajl_gen streaming interface - Store residuals as json_object* directly instead of serializing to string, avoiding a round-trip and preserving key ordering - Add INT_MAX guard in json_gen_string() to prevent silent truncation - Fix memory leak in json_gen_free() for unclosed maps/arrays - Remove the embedded yajl/yyjson submodule and build options - Add json-c-devel to fuzzing Dockerfile and remove --enable-embedded-yyjson Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2 participants
Alternative to #170