[libvirt] [PATCHv3 03/13] Switch from yajl to Jansson
Daniel P. Berrangé
berrange at redhat.com
Tue May 15 13:21:07 UTC 2018
On Tue, May 15, 2018 at 03:05:55PM +0200, Peter Krempa wrote:
> On Fri, May 11, 2018 at 14:59:04 +0200, Ján Tomko wrote:
> > Yajl has not seen much activity upstream recently.
>
> [0]
[snip]
> [0] For anyone following current meme trends, this looks like it's
> relevant to our YAJL->janson switch:
>
> https://i.redditmedia.com/J46fZN24lFx3fMRlJNpkNEOFqU79zWTsRDBMla1u0HE.jpg?s=4757d31d1cbd758962407917e0d3aacb
If you think we should stay with YAJL because it "just works" then
take a look at the bug reports against it upstream
https://github.com/lloyd/yajl/issues
double frees, memory leaks, parser gets stuck after parsing bad JSON, etc
all ignored for years. The robustness of the JSON parser we use is
critical to the security of the libvirt QEMU driver. I'm not saying
janson is perfect, but it is at least maintained, so when problem in
it as discovered, there's a real possibility to get them fixed, instead
of ignored with the YAJL abandonware.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list