bun.sh

mirror of https://github.com/oven-sh/bun synced 2026-02-09 18:38:55 +00:00

Files

robobun 1344151576 fix(json): prevent stack overflow in JSONC parser on deeply nested input (#26174 )

## Summary
- Add stack overflow protection to JSON/JSONC parser to prevent
segmentation faults
- Parser now throws `RangeError: Maximum call stack size exceeded`
instead of crashing
- Fixes DoS vulnerability when parsing deeply nested JSON structures
(~150k+ depth)

## Test plan
- [x] Added regression tests for deeply nested arrays and objects (25k
depth)
- [x] Verified system Bun v1.3.6 crashes with segfault at 150k depth
- [x] Verified fix throws proper error instead of crashing
- [x] All existing JSONC tests pass

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-16 16:23:01 -08:00

crash

Support import with { type: "json" } and others (#16624 )

2025-03-06 15:04:29 -08:00

toml-empty.toml

Fix importing empty toml file at runtime (#13252 )

2024-08-13 00:21:18 -07:00

toml-fixture.toml

Copy fix from #13756 into separate PR (#13783 )

2024-09-06 20:16:20 -07:00

toml-fixture.toml.txt

Support type import attribute with "text", "json", "toml", and "file" (#10456 )

2024-04-23 15:35:34 -07:00

toml.test.js

fix(json): prevent stack overflow in JSONC parser on deeply nested input (#26174 )

2026-01-16 16:23:01 -08:00