From 85487773ba69ec2179cac77ed725cec1b6cdffc8 Mon Sep 17 00:00:00 2001
Subject: [PATCH] fix CVE-2020-10663
---
 ext/json/parser/parser.c | 2 +-
 ext/json/parser/parser.rl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c
index d2e4eb6..ae90b2e 100644
--- a/ext/json/parser/parser.c
+++ b/ext/json/parser/parser.c
@@ -1815,7 +1815,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
 } else {
 json->max_nesting = 100;
 json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
 json->create_id = rb_funcall(mJSON, i_create_id, 0);
 json->object_class = Qnil;
 json->array_class = Qnil;
diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl
index 29900a4..f7dbcff 100644
--- a/ext/json/parser/parser.rl
+++ b/ext/json/parser/parser.rl
@@ -710,7 +710,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
 } else {
 json->max_nesting = 100;
 json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
 json->create_id = rb_funcall(mJSON, i_create_id, 0);
 json->object_class = Qnil;
 json->array_class = Qnil;
--
2.23.0
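Review bot: The new default `json->create_additions = 0;` covers only the `else` branch shown in the parser.rl hunk, i.e. the path taken when no options hash is supplied; the branch that handles a supplied options hash lies outside the hunk, so it should be confirmed that it also leaves additions off when the caller omits the `create_additions` key. A short comment on the assignment would keep the reason visible, e.g. `/* additions off by default: object creation from parsed input must be opt-in (CVE-2020-10663) */`. parser.c appears to be the generated counterpart of parser.rl and carries the same one-line change, so the same point applies there. A regression test that parses a document carrying the create_id key without options and asserts that a plain Hash comes back would pin the behaviour. cParser_initialize starts and ends outside the hunk.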