Draft: Fix copy behavior for complex types (!31) · Merge requests · GNOME / json-glib

Emmanuele Bassi requested to merge deep-copy into main Aug 24, 2020

The parent of the reffed children were previously left pointing to the original node. In the best-case scenario this would lead to inconsistent state when walking down a tree and then walking back up again. In the worst-case scenario this would happen when the original node had a shorter life-time than the copy, resulting in use-after-free.

A typical scenario where this went wrong was with json_from_string(), which would copy the root node, let go of the last reference to the root node, and then return the copy. The copy would then have dangling parent pointers. This probably went unnoticed for most use-cases, but would go terribly wrong if someone used a JsonReader and navigated back up the tree by e.g. calling end_member().

Fixes: #20 Fixes: #32 (closed)

Draft: Fix copy behavior for complex types

Merge request reports