Open tlhackque opened 7 years ago
The same bug existis in _decode.
We should be able to avoid the whole mess by localizing a%CarpInternal
entry.
That way, any error would be reported from the perspective of JSON::API's caller - and it's the user's job to decide if (s)he wants location information.
This is actually the better approach; JSON::API
should not be hiding error information.
But it turns out that JSON::XS
is calling die()
rather than croak()
. I've contacted the owner, as this is different from JSON::PP
- and wrong.
Here's a reproducer in JSON::API
:
perl -MJSON::API -e'$x=<STDIN>;$x=JSON::API->new( "http://localhost:999" ); $x->put("/", "}{"); print $x->errstr,"\n"'
hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this), <STDIN> line 1.
The fix in JSON::API
is easy - and tested with JSON::PP
as the backend.
I'll do a PR once the JSON::XS
owner agrees to fix his code.
I don't have a reproducer for generating bad JSON, but code review revealed a bug in
_encode
.As I haven't created a reproducer in your module, I don't plan to generate a PR. But you probably should produce a regression test and patch this.
In
_encode
, you attempt to remove the calling location from$@
with:This doesn't take account of the file position that is sometimes included by
die
andcroak
.Here's an example outside of
JSON::API
(type <CR> twice):Note that
, <> line
can be any file handle, andline
can also be `chunk'.You probably intended:
Note that JSON uses
Carp::croak()
rather thandie()
. E.g. you need to handle multiple lines:Carp was "recently" patched to include the file position, so you may need to update to see this.