## Summary
- Add proper bounds checking for encoding operations that produce larger
output than input
- Handle allocation failures gracefully by returning appropriate errors
- Add defensive checks in string initialization functions
## Test plan
- Added test case for encoding operations with large buffers
- Verified existing buffer tests still pass
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
## Summary
Fixed an unsigned integer underflow in the bounds check for
`writeBigInt64LE`, `writeBigInt64BE`, `writeBigUInt64LE`, and
`writeBigUInt64BE` methods.
## Problem
When `byteLength < 8`, the bounds check `offset > byteLength - 8` would
cause unsigned integer underflow (since both are `size_t`), resulting in
a large positive number that would pass the check. This allowed
out-of-bounds writes and caused ASAN use-after-poison errors.
**Reproduction:**
```js
const buf = Buffer.from("Hello World");
const slice = buf.slice(0, 5);
slice.writeBigUInt64BE(4096n, 10000); // ASAN error!
```
## Solution
Added an explicit `byteLength < 8` check before the subtraction to
prevent the underflow. The fix is applied to all four functions:
- `writeBigInt64LE` (src/bun.js/bindings/JSBuffer.cpp:2464)
- `writeBigInt64BE` (src/bun.js/bindings/JSBuffer.cpp:2504)
- `writeBigUInt64LE` (src/bun.js/bindings/JSBuffer.cpp:2543)
- `writeBigUInt64BE` (src/bun.js/bindings/JSBuffer.cpp:2582)
## Test plan
- Added comprehensive regression tests covering all edge cases
- Verified the original reproduction case now throws a proper RangeError
instead of crashing
- All tests pass
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
### What does this PR do?
The constructor was using `isUtf8` instead of `isAscii`.
Instead of this change maybe we should remove the constructors for
`isAscii` and `isUtf8`. It looks like we do this for most native
functions, but would be more breaking than correcting the current bug.
### How did you verify your code works?
Added a test
* Implement `expect.unreachable`
* UIse expect.unreachable() in some tests
* Use more unreachable
* More unreachable
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
* make bufferconstructor a static hash table
* chore: Upgrade WebKit to 4d995edbc44062b251be638818edcd88d7d14dd7
* make it constructable now
* fix comment
* yippee
* update CI workflows
* Fix#3497
* Fix#3497
* Run prettier
* Fix package.json
* remove this too
* yeah
* Fix missing tests
* Use native for utf-8-validate
* Add module ID names to builtins
* Defer evaluation of ESM & CJS modules until link time
* Use builtin name for exports in plugins
* Add module IDs to builtins
* Update JSC build with new flag
* WebKit upgrade fixes
* Update WebKit
* prettier
* Upgrade WebKit
* bump
* Update once again
* Add visitAdditionalChildren, remove .fill() usage
* Update process.test.js
* Update fs.test.ts
---------
Co-authored-by: dave caruso <me@paperdave.net>
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
* stfdsafsd
sadffdsa
stuff
finish commonjs stuff
asdf
not done but work
not done but work
not done yet but this is how far i am
remove files
lol
update built files
uncomment everything in events lol
export default
stuff
* afdsafsd
* its not perfect but almost done
* okay
* cool
* remove temp file
* finish rebase
* revert settings.json
* a
* ch-ch-ch-ch-changes
* okay
* remove this check in release for now
* sxdcfghnjm,
* lkjhgf
* fmt
* filename can be null
* Update NodeModuleModule.h
* weee
* fmt
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
* Allow `toString` to be called with `(offset, length, encoding)`.
Close: #3085
* handle undefined value
* add tests for buffer.xxxSlice
* fix parameters
* fix offset and length
