## Summary
- Fixed buffer overflow in env_loader when parsing large environment
variables with escape sequences
- Replaced fixed 4096-byte buffer with a stack fallback allocator that
automatically switches to heap allocation for larger values
- Added comprehensive tests to prevent regression
## Background
The env_loader previously used a fixed threadlocal buffer that could
overflow when parsing environment variables containing escape sequences.
This caused crashes when the parsed value exceeded 4KB.
## Changes
- Replaced fixed buffer with `StackFallbackAllocator` that uses 4KB
stack buffer for common cases and falls back to heap for larger values
- Updated all env parsing functions to accept a reusable buffer
parameter
- Added proper memory cleanup with defer statements
## Test plan
- [x] Added test cases for large environment variables with escape
sequences
- [x] Added test for values larger than 4KB
- [x] Added edge case tests (empty quotes, escape at EOF)
- [x] All existing env tests continue to pass
fixes#11627
fixes BAPI-1274
🤖 Generated with [Claude Code](https://claude.ai/code)
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* Make some things sync on windows
* WIP
* WIP
* remove uses to uv_default_loop
* remove a compiler warning on windows
* edfghjk
* Windows build fixes
* Fixup
* bundows
* Add quotes
* Fix --cwd arg on Windows
* comment
* move this up
* Fix some tests
* `mv` tests pass
* spawn.test passes again
* Allow .sh file extension for Windows
* Unmark failing tests
* env test pass
* windows
* Fix some tests
* Update ProcessBindingTTYWrap.cpp
* Update CMakeLists.txt
* Set tmpdir
* Make it 5s on windows
* Fixup
* Fixup
* Update ProcessBindingTTYWrap.cpp
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
Co-authored-by: dave caruso <me@paperdave.net>
* yay!!!!!!
* [autofix.ci] apply automated fixes
* ok
* do not use reflect here
* ok
* [autofix.ci] apply automated fixes
---------
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* fix(win/upgrade): do not show powershell expand-archive info while upgrading
* start working bun run
* experiment: `bun.new`
* you can now bun run
* Update src/install/install.zig
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
* Update src/install/install.zig
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
* stuff
* fix stuff
* fix this
* farther but not really
* sadfs
* path hell
not sure how much worse or better this makes things. its a mess. windows path handlign is a mess aaaaaaaaaaaaaaaa
* path.resolve bs
* remove old build system stuff from pr
* a
* fix some path.parse/join cases
* path closer not perfect
* normalize and join tests tests done
* paths
* implement path.relative
* ,
* stuff
* assert
* fix compile
* hate
* the code isnt great
* stuff
* housekeeping for build system
* blah
* explain windows sitaution in docs
* some progress? not much though
* zig compiler crashes here
* fix
* yippee
* ok
* a
* ala wala
* fix builds on stuff
* clean
* the tests now run
* a
* aa
* dedupe uv event loop
* fix fs test accuracy
* stuff
* [autofix.ci] apply automated fixes
* huge updat e
* [autofix.ci] apply automated fixes
* url
* [autofix.ci] apply automated fixes
* start windows spawnSync
* [autofix.ci] apply automated fixes
* add --webkit for update submodules
* add better err message for `bun setup`
* fix unix platform build
* .
* [autofix.ci] apply automated fixes
* un-upgrade libarchive
* z
* asdfghj
* wrk
* todo -> panic
* ok
* a
* [autofix.ci] apply automated fixes
* fix build scripts l ol
* dfghj
* fa
* [autofix.ci] apply automated fixes
* aaaa
* a
* l
* [autofix.ci] apply automated fixes
* more logs
* [autofix.ci] apply automated fixes
* j
* fix init_command
* CORE DUMP HELL
* i swear im being pranked by the github actions gods
* fadsjkfdshjkhjkdfsahjkdfshjksdafjkhhjkfdsahfsdkjhfsdjkahf
* thanks IAS
* this is the correct fix
* personal review
* ddisablbe these
* revisions!
* ok
* fix submodule
* stuff
* fix libarchive
* [autofix.ci] apply automated fixes
* stuff
* [autofix.ci] apply automated fixes
* a
* fix addressToJS on windows
* make dns async again
* dx: add flag to update submodules ps1 to clone webkit
* dns error case for libuv
* dx improvements on windows
* newline
* obvious fix
* install steps
* extra note
* fix fs test
* Update building-windows.md
* fix builtins bundler to support \r\n line endnigs
* better
* some windows stuff
* a
* a
* a
* aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
* [autofix.ci] apply automated fixes
* bunfile text works
* fix build on the mac
* hellooooooooooo
* install steps
* ci for baseline?
* fix
* aaa
* wow
* install script revamp
* bug
* OK
* ok
* aaaaaaaaaaaaaa
* okay
* fix the node test runner lol
* fix napi stuff
---------
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: cirospaciari <ciro.spaciai@gmail.com>
Co-authored-by: Dylan Conway <35280289+dylan-conway@users.noreply.github.com>
* fix: provide empty string to len 0 process env vars
For process loaded env vars, its a bug to give them the literal value '""'
if the provided length is 0.
* fix: add test and remove unneeded branch
Removes the redundant branch for empty env vars and adds a test for the
process specific case.
* fix: remove empty_string_value
Removes the constant in favor of using the empty values or passing the
literal "".
* style: format env.test.ts
* Fix crash with .env files that are exactly 158 bytes and a newline character
* Update env_loader.zig
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
* start this
* commit
* mark all failing tests as todo
* fasdfad
* bundler tests
* tests
* adjust failing tests to todo
* comment out some more tests
* png as test
