mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-10 10:58:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
claude/fix-path-buffer-pool-validation
bun.sh/test/js/bun
History
robobun 1344151576 fix(json): prevent stack overflow in JSONC parser on deeply nested input (#26174) 
## Summary
- Add stack overflow protection to JSON/JSONC parser to prevent
segmentation faults
- Parser now throws `RangeError: Maximum call stack size exceeded`
instead of crashing
- Fixes DoS vulnerability when parsing deeply nested JSON structures
(~150k+ depth)

## Test plan
- [x] Added regression tests for deeply nested arrays and objects (25k
depth)
- [x] Verified system Bun v1.3.6 crashes with segfault at 150k depth
- [x] Verified fix throws proper error instead of crashing
- [x] All existing JSONC tests pass

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 16:23:01 -08:00
..
bun-object
Rewrite test/describe, add test.concurrent (#22534)
2025-09-20 00:35:42 -07:00
bundler
Add Bun.YAML.parse and YAML imports (#22073)
2025-08-23 06:55:30 -07:00
console
Use ReadableStream.prototype.* in tests instead of new Response(...).* (#20937)
2025-07-14 00:47:53 -07:00
cookie
Add missing empty JSValue checking for Bun.cookieMap#delete (#23951)
2025-10-23 13:14:36 -07:00
crypto
gitignore the sources text files (#22408)
2025-09-04 14:59:35 -07:00
css
fix(css): process color-scheme rules inside @layer blocks (#24034)
2025-10-24 19:27:14 -07:00
dns
Add fallback for ADDRCONFIG like Chrome's, avoid glibc UDP port 0 hangs (#19753)
2025-06-05 20:20:00 -07:00
fetch
Delete slop test
2025-09-25 16:24:24 -07:00
ffi
chore: remove duplicate words in comment (#25347)
2025-12-05 11:19:47 -08:00
fixtures/sparse-tars
feat: add Bun.Archive API for creating and extracting tarballs (#25665)
2026-01-09 00:33:35 -08:00
glob
fix(glob): fix typo that caused patterns like .*/* to escape cwd boundary (#24939)
2025-11-23 01:41:17 -08:00
http
fix(http): disable keep-alive on proxy authentication failure (407) (#25884)
2026-01-07 20:49:30 -08:00
import-attributes
Bring Bun.YAML to 90% passing yaml-test-suite (#23265)
2025-10-05 17:23:59 -07:00
ini
fix(ini): support env var expansion in quoted .npmrc values (#25518)
2025-12-16 19:49:23 -08:00
io
misc tidyings from another branch (#24406)
2025-11-05 15:28:28 -08:00
jsc
feat(node:inspector): implement Profiler API (#25939)
2026-01-16 10:12:28 -08:00
jsonc
fix(json): prevent stack overflow in JSONC parser on deeply nested input (#26174)
2026-01-16 16:23:01 -08:00
net
Deflake test/js/bun/net/socket.test.ts
2025-12-08 11:16:26 -08:00
patch
chore: upgrade zig to 0.14.0 (#17820)
2025-03-14 22:13:31 -07:00
perf
test: fix static-initializers.test.ts
2025-08-08 22:28:42 -07:00
perf_hooks
perf_hooks.Histogram (#19920)
2025-05-26 21:18:22 -07:00
plugin
fix(Bun.plugin): return on invalid target error (#24945)
2025-11-23 01:41:42 -08:00
resolve
fix(json): prevent stack overflow in JSONC parser on deeply nested input (#26174)
2026-01-16 16:23:01 -08:00
s3
feat(s3): add Content-Encoding header support for S3 uploads (#26149)
2026-01-15 18:09:33 -08:00
shell
Revert "feat(shell): add $.trace for analyzing shell commands without execution (#25667)"
2026-01-09 16:20:18 -08:00
spawn
fix: reject null bytes in spawn args, env, and shell arguments (#25698)
2025-12-26 23:39:37 -08:00
sqlite
lsan: fix reporting on linux ci (#22806)
2025-09-24 00:47:52 -07:00
stream
Use ReadableStream.prototype.* in tests instead of new Response(...).* (#20937)
2025-07-14 00:47:53 -07:00
terminal
feat: add Bun.Terminal API for pseudo-terminal (PTY) support (#25415)
2025-12-15 12:51:13 -08:00
test
Add fake timers for bun:test (#23764)
2025-12-01 21:59:11 -08:00
udp
Fix formatters not running in CI + delete unnecessary files (#19433)
2025-05-08 23:22:16 -07:00
util
Add Bun.wrapAnsi() for text wrapping with ANSI escape code preservation (#26061)
2026-01-16 16:12:23 -08:00
wasm
Fix bun run folder (#15117)
2025-01-17 22:08:07 -08:00
websocket
Add ServerWebSocket.subscriptions getter (#24299)
2025-11-01 22:43:21 -07:00
yaml
fix(yaml): remove YAML 1.1 legacy boolean values for YAML 1.2 compliance (#25537)
2025-12-16 14:29:39 -08:00
archive-extract-leak-repro.ts
feat: add Bun.Archive API for creating and extracting tarballs (#25665)
2026-01-09 00:33:35 -08:00
archive.test.ts
feat(archive): change API to constructor-based with S3 support (#25940)
2026-01-12 14:54:21 -08:00
deletable-globals-fixture.js
fix(runtime): make most globals configurable/deletable, allow resuming the console iterator (#5216)
2023-09-13 21:39:36 -07:00
empty-file.test.ts
fix: random improvements to bun.String (#7695)
2023-12-20 19:18:32 -08:00
globals.test.js
crypto: fix test-crypto-random.js (#18044)
2025-03-11 18:21:20 -07:00
namespace-prototype-pollution.test.ts
Prevent namespace objects from inheriting Object.prototype (#21984)
2025-08-19 16:40:48 -07:00
runtime-error.test.ts
Fix RuntimeError.from return value (#19777)
2025-05-19 17:05:10 -07:00
secrets-ci-setup.md
Introduce Bun.secrets API (#21973)
2025-08-23 06:57:00 -07:00
secrets-error-codes.test.ts
Introduce Bun.secrets API (#21973)
2025-08-23 06:57:00 -07:00
secrets.test.ts
Introduce Bun.secrets API (#21973)
2025-08-23 06:57:00 -07:00
symbols.test.ts
[publish images] ci: ensure tests that require docker have it available (#22781)
2025-09-25 19:03:22 -07:00