bun.sh

mirrors/bun.sh

Fork 0

mirror of https://github.com/oven-sh/bun synced 2026-02-10 19:08:50 +00:00

Commit Graph

Author	SHA1	Message	Date
robobun	b47d0bf960	fix(install): prevent base64 integrity parsing panic on oversized input (#21936 ) ## Summary Fixes a panic that occurred when parsing malformed integrity data in lockfiles. The issue was in `integrity.zig` where base64 decoding attempted to write more bytes than the fixed-size digest buffer could hold, causing `panic: index out of bounds: index 64, len 64`. ## Root Cause The `Integrity.parse()` function tried to decode base64 data into a fixed 64-byte buffer without validating that the decoded size wouldn't exceed the buffer capacity. When malformed or oversized base64 integrity strings were encountered in lockfiles, this caused an out-of-bounds write. ## Fix Added proper bounds checking in `src/install/integrity.zig`: - Validates expected digest length before decoding - Checks decoded size against buffer capacity using `calcSizeForSlice()` - Only decodes into appropriately sized buffer slice based on hash algorithm - Returns `unknown` tag for malformed data instead of panicking ## Test Plan - [x] Verified release binary crashes with malformed integrity data - [x] Verified debug build with fix handles malformed data gracefully - [x] Added comprehensive regression tests for all hash types (sha1, sha256, sha384, sha512) - [x] Confirmed normal lockfile parsing continues to work correctly - [x] Tests pass: `bun bd test test/regression/issue/integrity-base64-bounds-check.test.ts` ## Before/After Before: `panic: index out of bounds: index 64, len 64` After: Graceful handling with warning about malformed integrity data 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude Bot <claude-bot@bun.sh> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-18 03:04:37 -07:00

Author

SHA1

Message

Date

robobun

b47d0bf960

fix(install): prevent base64 integrity parsing panic on oversized input (#21936 )

## Summary

Fixes a panic that occurred when parsing malformed integrity data in
lockfiles. The issue was in `integrity.zig` where base64 decoding
attempted to write more bytes than the fixed-size digest buffer could
hold, causing `panic: index out of bounds: index 64, len 64`.

## Root Cause

The `Integrity.parse()` function tried to decode base64 data into a
fixed 64-byte buffer without validating that the decoded size wouldn't
exceed the buffer capacity. When malformed or oversized base64 integrity
strings were encountered in lockfiles, this caused an out-of-bounds
write.

## Fix

Added proper bounds checking in `src/install/integrity.zig`:
- Validates expected digest length before decoding  
- Checks decoded size against buffer capacity using `calcSizeForSlice()`
- Only decodes into appropriately sized buffer slice based on hash
algorithm
- Returns `unknown` tag for malformed data instead of panicking

## Test Plan

- [x] Verified release binary crashes with malformed integrity data
- [x] Verified debug build with fix handles malformed data gracefully 
- [x] Added comprehensive regression tests for all hash types (sha1,
sha256, sha384, sha512)
- [x] Confirmed normal lockfile parsing continues to work correctly
- [x] Tests pass: `bun bd test
test/regression/issue/integrity-base64-bounds-check.test.ts`

## Before/After

**Before**: `panic: index out of bounds: index 64, len 64`  
**After**: Graceful handling with warning about malformed integrity data

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

2025-08-18 03:04:37 -07:00

1 Commits