Skip to content

Revert mod 13014#1481

Open
gabsow wants to merge 1 commit into8.4from
revert_MOD-13014
Open

Revert mod 13014#1481
gabsow wants to merge 1 commit into8.4from
revert_MOD-13014

Conversation

@gabsow
Copy link
Collaborator

@gabsow gabsow commented Dec 28, 2025
edited by cursor bot
Loading

Note

Modernizes core JSON handling and release pipeline with compatibility updates.

  • Core/JSONPath: Introduces ValueRef and refactors select_value/json_path to support owned/borrowed values; adds operations over homogeneous numeric arrays; bumps crate to 8.4.1 and updates pack/ramp.yml (compatible_redis_version=8.4, adds asm).
  • C API: Adds v6 (allocJson/freeJson), changes getAt/nextKeyValue to write into provided pointers and return status codes; updates iterators to handle owned values.
  • Build/Tooling: Switches toolchain to Rust 1.88, updates/pins deps (new ijson rev, home=0.5.11), large Cargo.lock refresh.
  • CI/Release: Adds beta-version path producing SNAPSHOT-only artifacts; enhances S3 uploads (beta copies outside snapshots/); tweaks workflows (ARM flow renamed/expanded, macOS/alpine aligned).
  • Tests: Adds datasets and tests for numeric arrays; adjusts defrag threshold and RESP3 memory expectations.
  • Misc: Minor .gitignore update.

Written by Cursor Bugbot for commit 3c7c7ce. This will update automatically on new commits. Configure here.

@gabsow gabsow changed the base branch from master to 8.4 December 28, 2025 17:36
cursor[bot]
cursor bot reviewed Dec 28, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

C API returns dangling pointers for typed array values

The json_api_next function returns raw pointers to values via .as_ref(). For typed homogeneous arrays (i8, i16, f16, etc.), the ijson library returns ArrayIterItem::Owned values which become ValueRef::Owned in the results iterator. When json_api_next returns a pointer to these owned values, the pointer points to data stored inside the iterator. After json_api_free_iter is called, this data is freed and the pointer becomes dangling. The previous API stored Vec<&'a V> (borrowed references) where pointers remained valid as long as the JSON document was alive. This change breaks the C API contract and can cause use-after-free when C code uses values from typed arrays after freeing the iterator.

redis_json/src/c_api.rs#L296-L306

RedisJSON/redis_json/src/c_api.rs

Lines 296 to 306 in 3c7c7ce

pub fn json_api_next<M: Manager>(_: M, iter: *mut c_void) -> *const c_void {
let iter = unsafe { &mut *(iter.cast::<ResultsIterator<M::V>>()) };
if iter.pos >= iter.results.len() {
null_mut()
} else {
let res = (iter.results[iter.pos].as_ref() as *const M::V).cast::<c_void>();
iter.pos += 1;
res
}
}

json_path/src/json_node.rs#L137-L144

RedisJSON/json_path/src/json_node.rs

Lines 137 to 144 in 3c7c7ce

impl<'a> From<ArrayIterItem<'a>> for ValueRef<'a, IValue> {
fn from(item: ArrayIterItem<'a>) -> Self {
match item {
ArrayIterItem::Borrowed(val) => ValueRef::Borrowed(val),
ArrayIterItem::Owned(val) => ValueRef::Owned(val),
}
}

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@galcohen-redislabs galcohen-redislabs Awaiting requested review from galcohen-redislabs

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gabsow