fix: address review feedback

- Use char[] instead of char* for str to enable sizeof() for prefix_len - Fix buffer over-read in truncation fallback by capping url_bytes_to_copy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
fix(c-bindings): add safety checks to bun_warn_avx_missing
2026-02-16 13:51:47 +00:00 · 2025-11-26 00:05:52 +00:00 · 2025-11-25 19:27:41 +00:00
1 changed files with 45 additions and 7 deletions
--- a/src/bun.js/bindings/c-bindings.cpp
+++ b/src/bun.js/bindings/c-bindings.cpp
@@ -30,14 +30,52 @@ extern "C" void bun_warn_avx_missing(const char* url)
        return;
    }

-    static constexpr const char* str = "warn: CPU lacks AVX support, strange crashes may occur. Reinstall Bun or use *-baseline build:\n  ";
-    const size_t len = strlen(str);
+    static constexpr char str[] = "warn: CPU lacks AVX support, strange crashes may occur. Reinstall Bun or use *-baseline build:\n  ";
+    static constexpr size_t prefix_len = sizeof(str) - 1; // Exclude null terminator
+    static constexpr size_t suffix_len = 1; // "\n"
+    static constexpr size_t stack_buf_size = 512;

-    char buf[512];
-    strcpy(buf, str);
-    strcpy(buf + len, url);
-    strcpy(buf + len + strlen(url), "\n\0");
-    [[maybe_unused]] auto _ = write(STDERR_FILENO, buf, strlen(buf));
+    // Safety check: if url is null, use an empty string
+    if (!url) {
+        url = "";
+    }
+
+    const size_t url_len = strlen(url);
+    const size_t total_len = prefix_len + url_len + suffix_len;
+
+    char stack_buf[stack_buf_size];
+    char* buf = stack_buf;
+    bool allocated = false;
+
+    // If the total length exceeds our stack buffer, allocate on the heap
+    if (total_len >= stack_buf_size) {
+        buf = static_cast<char*>(malloc(total_len + 1));
+        if (!buf) {
+            // Allocation failed, fall back to truncated output using stack buffer
+            buf = stack_buf;
+            // Write what we can: prefix + as much of URL as fits + newline
+            memcpy(buf, str, prefix_len);
+            const size_t remaining = stack_buf_size - prefix_len - suffix_len - 1;
+            const size_t url_bytes_to_copy = url_len < remaining ? url_len : remaining;
+            memcpy(buf + prefix_len, url, url_bytes_to_copy);
+            buf[prefix_len + url_bytes_to_copy] = '\n';
+            buf[prefix_len + url_bytes_to_copy + 1] = '\0';
+            [[maybe_unused]] auto _ = write(STDERR_FILENO, buf, prefix_len + url_bytes_to_copy + suffix_len);
+            return;
+        }
+        allocated = true;
+    }
+
+    memcpy(buf, str, prefix_len);
+    memcpy(buf + prefix_len, url, url_len);
+    buf[prefix_len + url_len] = '\n';
+    buf[total_len] = '\0';
+
+    [[maybe_unused]] auto _ = write(STDERR_FILENO, buf, total_len);
+
+    if (allocated) {
+        free(buf);
+    }
 }
 #endif