mirror of
https://github.com/oven-sh/bun
synced 2026-02-09 10:28:47 +00:00
## Summary

- Fixes segmentation fault when applying patches with out-of-bounds line numbers
- Adds comprehensive bounds checking in patch application logic
- Includes regression tests to prevent future issues

## Problem

Previously, malformed patches with line numbers beyond file bounds could cause segmentation faults by attempting to access memory beyond allocated array bounds in `addManyAt()` and `replaceRange()` calls.

## Solution

Added bounds validation at four key points in `src/patch.zig`:

1. **Hunk start position validation** (line 283-286) - Ensures hunk starts within file bounds
2. **Context line validation** (line 294-297) - Validates context lines exist within bounds
3. **Insertion position validation** (line 302-305) - Checks insertion position is valid
4. **Deletion range validation** (line 317-320) - Ensures deletion range is within bounds

All bounds violations now return `EINVAL` error gracefully instead of crashing.

## Test Coverage

Added comprehensive regression tests in `test/regression/issue/patch-bounds-check.test.ts`:

- ✅ Out-of-bounds insertion attempts
- ✅ Out-of-bounds deletion attempts
- ✅ Out-of-bounds context line validation
- ✅ Valid patch application (positive test case)

Tests verify that `bun install` completes gracefully when encountering malformed patches, with no crashes or memory corruption.

## Test Results

```
bun test v1.2.21
✅ Bounds checking working: bun install completed gracefully despite malformed patch
✅ Bounds checking working: bun install completed gracefully despite deletion beyond bounds
✅ Bounds checking working: bun install completed gracefully despite context lines beyond bounds

 4 pass
 0 fail
 22 expect() calls
Ran 4 tests across 1 file. [4.70s]
```

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
Co-authored-by: Zack Radisic <56137411+zackradisic@users.noreply.github.com>
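
The four checks listed in the commit message above, as an added JavaScript example that is not code from the Bun repository (the actual fix lives in `src/patch.zig`). The hunk shape, `applyHunk` and `PatchBoundsError` are hypothetical names and the sample input is constructed; note that JavaScript's `splice` clamps out-of-range indices instead of faulting, so here the checks stop a silent mis-application rather than a crash.

```javascript
// Added example: hypothetical hunk model, not Bun's src/patch.zig.
// hunk = { start: 1-based line number, parts: [{ type, lines }] },
// type is "context" | "insertion" | "deletion".
class PatchBoundsError extends Error {
  constructor(message) {
    super(message);
    this.code = "EINVAL"; // the commit says violations return EINVAL
  }
}

function applyHunk(fileLines, hunk) {
  const out = fileLines.slice(); // work on a copy; a failed hunk changes nothing
  let pos = hunk.start - 1; // 0-based cursor into `out`

  // 1. Hunk start must be inside the file (== length allows appending).
  if (!Number.isInteger(pos) || pos < 0 || pos > out.length) {
    throw new PatchBoundsError(`hunk start ${hunk.start} outside ${out.length}-line file`);
  }
  for (const part of hunk.parts) {
    const n = part.lines.length;
    if (part.type === "context") {
      // 2. Every context line must exist in the file.
      if (pos + n > out.length) throw new PatchBoundsError("context past end of file");
      pos += n;
    } else if (part.type === "insertion") {
      // 3. Insertion point must be valid; splice() would clamp silently.
      if (pos > out.length) throw new PatchBoundsError("insertion past end of file");
      out.splice(pos, 0, ...part.lines);
      pos += n;
    } else if (part.type === "deletion") {
      // 4. The whole deletion range must be inside the file.
      if (pos + n > out.length) throw new PatchBoundsError("deletion past end of file");
      out.splice(pos, n);
    } else {
      throw new PatchBoundsError(`unknown part type ${part.type}`);
    }
  }
  return out;
}

// Constructed sample: a 3-line file and a hunk that starts far past its end.
const sample = ["a", "b", "c"];
try {
  applyHunk(sample, { start: 10, parts: [{ type: "insertion", lines: ["x"] }] });
} catch (err) {
  console.log(err.code, err.message);
}
```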