mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-02 15:08:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2c0721eabe7f8aebcd07c8d7fb337fdf570ea51f
bun.sh/test/js/bun/resolve
History
robobun 1344151576 fix(json): prevent stack overflow in JSONC parser on deeply nested input (#26174) 
## Summary
- Add stack overflow protection to JSON/JSONC parser to prevent
segmentation faults
- Parser now throws `RangeError: Maximum call stack size exceeded`
instead of crashing
- Fixes DoS vulnerability when parsing deeply nested JSON structures
(~150k+ depth)

## Test plan
- [x] Added regression tests for deeply nested arrays and objects (25k
depth)
- [x] Verified system Bun v1.3.6 crashes with segfault at 150k depth
- [x] Verified fix throws proper error instead of crashing
- [x] All existing JSONC tests pass

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 16:23:01 -08:00
..
bar
Fix tsconfig path longest prefix matching (#8892)
2024-02-14 08:23:45 -08:00
fixtures
fix: reflect-metadata import order (#18086)
2025-03-26 16:19:45 -07:00
png
Get Bun.write tests to pass on Windows and bun:sqlite tests to pass (#8393)
2024-01-23 20:03:56 -08:00
toml
fix(json): prevent stack overflow in JSONC parser on deeply nested input (#26174)
2026-01-16 16:23:01 -08:00
with space
fix(node:module): allow file url strings in createRequire (#7533)
2023-12-08 16:32:35 -08:00
with-type-module
without-type-module
yaml
Add Bun.YAML.parse and YAML imports (#22073)
2025-08-23 06:55:30 -07:00
an-empty-file-with-a-strange-extension.weird
Fixes #9521 (#9530)
2024-03-21 00:06:24 -07:00
baz.js
build-error.test.ts
Fixes #6730 (#9930)
2024-04-04 07:26:53 -07:00
bun-lock.test.ts
allow importing bun.lock (+ types for it) (#16244)
2025-01-12 20:08:56 -08:00
chooses-ts.js
chooses-ts.ts
empty-file
Fix crash on empty text file import (#19165)
2025-04-25 23:42:41 -07:00
esModule-annotation.test.js
Fixes #14411 (#14691)
2024-10-20 22:02:44 +00:00
esModule.test.ts
Fix formatters not running in CI + delete unnecessary files (#19433)
2025-05-08 23:22:16 -07:00
file-importing-nonexistent-file.js
first.mjs
import-custom-condition.test.ts
pm: print command name to stdout (#14266)
2024-10-02 02:24:37 -07:00
import-empty.test.js
Add Bun.YAML.parse and YAML imports (#22073)
2025-08-23 06:55:30 -07:00
import-meta-resolve.test.mjs
fix(install): isolated install aliased dependency name fix (#21138)
2025-07-19 01:59:52 -07:00
import-meta.test.js
Fix formatters not running in CI + delete unnecessary files (#19433)
2025-05-08 23:22:16 -07:00
import-query-fixture.ts
Fix importing with query strings at the end (#16456)
2025-01-16 23:16:11 -08:00
import-query.test.ts
Fix formatters not running in CI + delete unnecessary files (#19433)
2025-05-08 23:22:16 -07:00
import-require-tla.js
run prettier and add back format action (#13722)
2024-09-03 21:32:52 -07:00
import.live.decl.js
import.live.rexport-require.js
run prettier and add back format action (#13722)
2024-09-03 21:32:52 -07:00
import.live.rexport.js
run prettier and add back format action (#13722)
2024-09-03 21:32:52 -07:00
jsonc.test.ts
allow importing bun.lock (+ types for it) (#16244)
2025-01-12 20:08:56 -08:00
load-file-loader-a-lot.test.ts
run prettier and add back format action (#13722)
2024-09-03 21:32:52 -07:00
load-same-empty-js-file-a-lot.js
Fixes #9521 (#9530)
2024-03-21 00:06:24 -07:00
load-same-js-file-a-lot.js
Fixes #9521 (#9530)
2024-03-21 00:06:24 -07:00
load-same-js-file-a-lot.test.ts
Deflake test/js/bun/resolve/load-same-js-file-a-lot.test.ts
2025-12-25 17:43:43 -08:00
main-test-1.js
main-test-script.js
non-english-import.test.js
test: refactor spawnSync to spawn with describe.concurrent (#25849)
2026-01-06 15:37:56 +00:00
other-cjs.js
make import.meta behave better when query string is provided (#9399)
2024-03-15 22:44:23 -07:00
other.js
make import.meta behave better when query string is provided (#9399)
2024-03-15 22:44:23 -07:00
package.json
fix(resolver): allow builtins to be imported via subpath imports (#7505)
2023-12-07 01:51:21 -08:00
require-js2.js
require-js-top-level-await.js
require-js.js
require-json.json
require-referenceerror.snapshot.js
require.test.ts
Fix formatters not running in CI + delete unnecessary files (#19433)
2025-05-08 23:22:16 -07:00
resolve-bad-parent.test.mjs
Remove references to developers former name (#18319)
2025-03-20 00:53:46 -07:00
resolve-error.test.ts
Fix assertion failure on Windows in resolver (#21510)
2025-07-30 23:33:09 -07:00
resolve-test.js
Fix Bun.resolve() returning a promise throwing a raw exception instead of an Error (#21302)
2025-07-25 12:46:33 -07:00
resolve-ts.test.ts
run prettier and add back format action (#13722)
2024-09-03 21:32:52 -07:00
resolve-typescript-file.tsx
resolve.test.ts
Fix Bun.resolve() returning a promise throwing a raw exception instead of an Error (#21302)
2025-07-25 12:46:33 -07:00
second-child.mjs
run prettier and add back format action (#13722)
2024-09-03 21:32:52 -07:00
second.mjs
run prettier and add back format action (#13722)
2024-09-03 21:32:52 -07:00
startEnd.mjs
third.mjs