bun.sh

mirrors/bun.sh

Fork 0

mirror of https://github.com/oven-sh/bun synced 2026-02-12 11:59:00 +00:00

Commit Graph

Author	SHA1	Message	Date
robobun	9907c2e9fa	fix(patch): add bounds checking to prevent segfault during patch application (#21939 ) ## Summary - Fixes segmentation fault when applying patches with out-of-bounds line numbers - Adds comprehensive bounds checking in patch application logic - Includes regression tests to prevent future issues ## Problem Previously, malformed patches with line numbers beyond file bounds could cause segmentation faults by attempting to access memory beyond allocated array bounds in `addManyAt()` and `replaceRange()` calls. ## Solution Added bounds validation at four key points in `src/patch.zig`: 1. Hunk start position validation (line 283-286) - Ensures hunk starts within file bounds 2. Context line validation (line 294-297) - Validates context lines exist within bounds 3. Insertion position validation (line 302-305) - Checks insertion position is valid 4. Deletion range validation (line 317-320) - Ensures deletion range is within bounds All bounds violations now return `EINVAL` error gracefully instead of crashing. ## Test Coverage Added comprehensive regression tests in `test/regression/issue/patch-bounds-check.test.ts`: - ✅ Out-of-bounds insertion attempts - ✅ Out-of-bounds deletion attempts - ✅ Out-of-bounds context line validation - ✅ Valid patch application (positive test case) Tests verify that `bun install` completes gracefully when encountering malformed patches, with no crashes or memory corruption. ## Test Results ``` bun test v1.2.21 ✅ Bounds checking working: bun install completed gracefully despite malformed patch ✅ Bounds checking working: bun install completed gracefully despite deletion beyond bounds ✅ Bounds checking working: bun install completed gracefully despite context lines beyond bounds 4 pass 0 fail 22 expect() calls Ran 4 tests across 1 file. [4.70s] ``` 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude Bot <claude-bot@bun.sh> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Jarred Sumner <jarred@jarredsumner.com> Co-authored-by: Zack Radisic <56137411+zackradisic@users.noreply.github.com>	2025-09-12 23:44:48 -07:00

Author

SHA1

Message

Date

robobun

9907c2e9fa

fix(patch): add bounds checking to prevent segfault during patch application (#21939 )

## Summary

- Fixes segmentation fault when applying patches with out-of-bounds line
numbers
- Adds comprehensive bounds checking in patch application logic
- Includes regression tests to prevent future issues

## Problem

Previously, malformed patches with line numbers beyond file bounds could
cause segmentation faults by attempting to access memory beyond
allocated array bounds in `addManyAt()` and `replaceRange()` calls.

## Solution

Added bounds validation at four key points in `src/patch.zig`:

1. **Hunk start position validation** (line 283-286) - Ensures hunk
starts within file bounds
2. **Context line validation** (line 294-297) - Validates context lines
exist within bounds
3. **Insertion position validation** (line 302-305) - Checks insertion
position is valid
4. **Deletion range validation** (line 317-320) - Ensures deletion range
is within bounds

All bounds violations now return `EINVAL` error gracefully instead of
crashing.

## Test Coverage

Added comprehensive regression tests in
`test/regression/issue/patch-bounds-check.test.ts`:

- ✅ Out-of-bounds insertion attempts
- ✅ Out-of-bounds deletion attempts  
- ✅ Out-of-bounds context line validation
- ✅ Valid patch application (positive test case)

Tests verify that `bun install` completes gracefully when encountering
malformed patches, with no crashes or memory corruption.

## Test Results

```
bun test v1.2.21
✅ Bounds checking working: bun install completed gracefully despite malformed patch
✅ Bounds checking working: bun install completed gracefully despite deletion beyond bounds
✅ Bounds checking working: bun install completed gracefully despite context lines beyond bounds

 4 pass
 0 fail
 22 expect() calls
Ran 4 tests across 1 file. [4.70s]
```

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
Co-authored-by: Zack Radisic <56137411+zackradisic@users.noreply.github.com>

2025-09-12 23:44:48 -07:00

1 Commits