I bet you didn't see this one coming!

@stig stig released this Nov 15, 2016 · 4 commits to master since this release

I certainly didn't a month ago.

This is the second release motivated by Nicholas Seriot's Parsing JSON is a

Targeting RFC 7159

This release allows scalar values at the top level; as recommended by RFC
7159, which obsoletes the original RFC 4627. Since it is a change in
behaviour I chose to bump the major version to 5.

Please note: When parsing numbers at the top level there is no way to
differentiate 42 on its own from 4200 truncated to just the first two
digits. This problem affects SBJson 5 because it expects to receive input
bit-by-bit. When SBJson 5 sees "42" on its own it returns
SBJson5WaitingForData, since cannot be sure it has seen the full token
yet, and needs more data to make sure. A workaround for this issue could be
to append a space or newline to your input if you intend to give SBJson 5
the whole input in one go. This is not an issue with any of the other JSON
datatypes because they are either fixed length (true, false, null) or
have unambigous delimiters at both ends ([], {}, "").

Rename all classes & public symbols

Because the class names contains the major version number a major-version
bump necessitates renaming all the classes & enums. The upshoot of this is
that you can use SBJson 3, 4 and 5 in the same application without
problems. (Though why you would want to I cannot even begin to guess at.)

Remove the processBlock: API

This release removes the untested processBlock: interface. I believe it
was a distraction from SBJson's core purpose: to parse & generate JSON.
Additionally this API had no tests, and the code had a lot of special case
hooks all over the SBJson*Parser class to do its work.

SBJson actually has two parsers: the low-level SBJson5StreamParser and the
higher-level SBJson5Parser providing a block interface. I believe it's
better to just do what the processBlock interface did in SBJson5Parser's
value block. However, you could also use the stream parser to implement the
processBlock interface yourself.

Constructor changes for parsers + writers

Since I decided to bump the major version number anyway, I took the
opportunity to iron out some UI niggles that's been bothering me for a
while. Now we take options as constructor parameters rather than as
properties for boh the parsers and writers, to avoid the impression that
you can (and that it might make sense!) to change these settings during
parse/generation. It is absolutely not supported, and that should be more
clear now.

Add a sbjson binary for reformatting JSON

This can be useful from a sort of what would SBJson do? point of view. It
takes some options. Here's the result of invoking it with --help:

Usage: sbjson [OPTIONS] [FILES]

  --help, -h
    This message.
  --verbose, -v
    Be verbose about which arguments are used
  --multi-root, -m
    Accept multiple top-level JSON inputs
  --unwrap-root, -u
    Unwrap top-level arrays
  --max-depth INT, -m INT
    Change the max recursion limit to INT (default: 32)
  --sort-keys, -s
    Sort dictionary keys in output
  --human-readable, -r
    Format the JSON output with linebreaks and indents

If no FILES are provided, the program reads standard input.

Run sbjson under American Fuzzy Lop

To try and shake out any new crashes, I've run the sbjson binary alluded
to above under American Fuzzy Lop. I didn't find any more crashes in the
parser after fixing the bugs that went into v4.0.4, but wanted to share
this with you to show I tried to find more bugs before releasing v5.

Here's a snapshot of the latest session I've run:

                       american fuzzy lop 2.35b (master)

┌─ process timing ─────────────────────────────────────┬─ overall results ─────┐
│        run time : 1 days, 12 hrs, 36 min, 22 sec     │  cycles done : 11     │
│   last new path : 0 days, 0 hrs, 34 min, 26 sec      │  total paths : 583    │
│ last uniq crash : none seen yet                      │ uniq crashes : 0      │
│  last uniq hang : 0 days, 2 hrs, 10 min, 54 sec      │   uniq hangs : 47     │
├─ cycle progress ────────────────────┬─ map coverage ─┴───────────────────────┤
│  now processing : 170 (29.16%)      │    map density : 0.39% / 1.49%         │
│ paths timed out : 0 (0.00%)         │ count coverage : 5.02 bits/tuple       │
├─ stage progress ────────────────────┼─ findings in depth ────────────────────┤
│  now trying : splice 7              │ favored paths : 93 (15.95%)            │
│ stage execs : 5/32 (15.62%)         │  new edges on : 142 (24.36%)           │
│ total execs : 18.1M                 │ total crashes : 0 (0 unique)           │
│  exec speed : 282.7/sec             │   total hangs : 297 (47 unique)        │
├─ fuzzing strategy yields ───────────┴───────────────┬─ path geometry ────────┤
│   bit flips : 0/678k, 4/677k, 0/677k                │    levels : 15         │
│  byte flips : 0/84.8k, 0/84.5k, 0/83.9k             │   pending : 31         │
│ arithmetics : 0/4.72M, 0/16.6k, 0/307               │  pend fav : 0          │
│  known ints : 0/480k, 0/2.35M, 0/3.69M              │ own finds : 40         │
│  dictionary : 0/0, 0/0, 2/2.49M                     │  imported : 3          │
│       havoc : 29/1.25M, 5/753k                      │ stability : 100.00%    │
│        trim : 11.02%/43.6k, 0.00%                   ├────────────────────────┘
^C────────────────────────────────────────────────────┘             [cpu: 69%]

+++ Testing aborted by user +++
[+] We're done here. Have a nice day!

Fix bug in unwrapper code that caused arrays to be skipped

Whilst playing with AFL I accidentally found (and fixed) a bug where the
unwrapRootArray parser would break on any arrays at the next-to-outermost

Improved documentation

I've tried to improve the documentation a little, both in README and the API
documentation in the header files.


Fix unwrapRootArrayParser

@stig stig released this Nov 15, 2016

Fixes an embarrassing bug in the unwrapRootArrayParser that made the parser ignore any output after an array entry at depth 1. (I.e. a direct child of the root array.)


4.0.4: No Crashes On Invalid UTF-8 Found

@stig stig released this Nov 3, 2016 · 39 commits to master since this release

Oh, er, well, this is a bit embarrassing. It turns out my tests were insufficently devious, and did not guard against invalid UTF-8 encodings. I thought I could punt on UTF-8 validation and rely on [NSString initWithBytes:length:encoding] to do it, but then Nicolas Seriot reported otherwise (issue #219). The result is that this version won't crash on a whole range invalid UTF-8 byte sequences where previous versions crashed did:

  • Flat-out illegal UTF-8 byte values
  • Missing continuation bytes
  • Unexpected continuation bytes
  • Overlong encodings
  • Invalid Unicode code points

After 9 years of calling SBJson a strict JSON parser I've finally implemented UTF-8 validation. Thank you for the learning opportunity Nicolas!

Also in this release:

  • Recreate the project file and targets using Xcode 8.
  • Re-organising the frankly bonkers repo layout to hopefully make it easier for casual contributors to find their way around.
  • Fix the Travis build; this had broken due to bit rot.


Add Carthage support

@stig stig released this Jul 7, 2016 · 60 commits to master since this release

Minor bug fix release.

  • 207dfa3 Adjust Travis CI configuration (#1)
  • 191b0ad Rename Carthage Mac target
  • 23e47df Update README.md
  • ed536b5 Add Carthage iOS target
  • d53dfe4 Add repo status to README
  • 4ca1d84 Replace deprecated method with alternative
  • d088bd1 Add codecov badge to README
  • 4e7df93 Make variable private
  • 2983d71 Attempt at adding code test coverage metrics
  • 959f5bd Make link (hopefully) to LICENCE
  • 52ab522 Add a top-level heading to README
  • abe079d Update to-date on license
  • bff9599 Remove prefix headers
  • 2fbe784 Use Xcodebuild rather than xctool
  • 5f63aa0 Add Gitter URL to README



@stig stig released this Jun 24, 2015 · 81 commits to master since this release

A few patches to address warnings submitted by various people.

  • a34295f Merge pull request #201 from isimpson/patch-1
  • 6069c12 Fix semantic issue Xcode warning
  • ceaa84a Update travis-ci to use a build matrix rather than explicit script
  • 647ff7e Add semicolons after block - fixes #198
  • 34b2d47 Update README.md
  • f4933c9 Merge pull request #194 from karelia/master
  • beed41a Return NULL for invalid chars
  • 64ea007 Readme update
  • e628af0 Slightly saner error handling (thanks AppCode!)
  • 852f607 Inline method (thanks AppCode!)
  • 20a2ece Add cast to correct unmatched type issue (thanks AppCode!)
  • 18cbb6c Fix typos in comments and variable names (thanks AppCode!)
  • a90dddf Killed 58 lines of unreachable code (thanks AppCode!)
  • 024672c Simplify expression as suggested by AppCode
  • f999088 Remove broken example (twitter no longer support basic auth)
  • dba2719 Create a new (external) DisplayPretty project and link to it rather than embed it
  • f7ee521 fixup! Extract LICENSE from README again (I changed my mind...)
  • 59d3810 Extract LICENSE from README again (I changed my mind...)


  • Apr 22, 2014


    This version is DEPRECATED. Please upgrade to the latest major versio…
    …n. This tag is only created for the benefit of CocoaPods.


@stig stig released this Apr 16, 2014 · 100 commits to master since this release

Change installation instructions to recommend use of CocoaPods.

Started using http://travis-ci.org to ensure builds are good. This now runs tests for both iOS and OSX build of the library.

Fix method names in API documentation examples.

Modernise and tidy up a bit by:

  • Convert tests to use XCTest rather than OCUnit.
  • Remove unnecessary schemes.
  • Turn on analyze for tests too.
  • Enable modules & drop explicit dependency on Foundation.
  • Make precompiled headers use Foundation/Foundation.h rather than UIKit / Cocoa headers.
  • Upgrade to latest Xcode5.1 recommended settings.
  • Remove annoying (but harmless) warning about ARC retain cycle in tests.

Full list of commits:

  • 6e28701 Run tests for both iOS and OSX
  • b93a64b Turn on analyze for tests too
  • 816cca4 Convert OCUnit to XCTest
  • 0546997 Remove unnecessary schemes
  • eca32c2 Enable Modules
  • 91be3a7 Upgrade to latest Xcode settings
  • f17611c README updates
  • 1b60dd1 Make Podfile documentation a bit clearer
  • 79c814b Update copyright year
  • e1c770c Update README
  • 0a60393 Remove annoying (but harmless) warning about ARC retain cycle in tests
  • d23adbc Update README.md
  • 259fa96 Build-status information from Travis
  • 8651019 Add shared Xcode schemes for Travis
  • f0f1d61 Add .travis.yml to integrate with travis-ci.org
  • fb05d7d Clarify example in documentation
  • 928a69d Fix documentation


Version 4.0.0 Final!

@stig stig released this Dec 16, 2013 · 118 commits to master since this release

I'm happy to announce the fourth major release of SBJson! As mentioned in this blog post the focus for this release has been on making the chunk-based (aka streaming) API much simpler to use, and I believe this is the case.

Because this release is not backwards compatible with previous versions all classes, constants & enums were renamed to contain the number 4. This is so that you can use the new APIs while still relying on libraries that bundle older versions of this library.

Remove the old SBJsonParser and created a new chunk-oriented one based on version 3.2's SBJsonStreamParserAdapter.

This release also includes two important parsing fixes related to number parsing. We now support the full range of unsigned long long as a proper integer type, and properly support the full range of double. In doing so SBJson was changed to never produce a NSDecimalNumber, but always return NSNumber instances.