mirror of
https://github.com/oven-sh/bun
synced 2026-02-10 02:48:50 +00:00
9a2dfee3ca
## Summary - Fixed buffer overflow in env_loader when parsing large environment variables with escape sequences - Replaced fixed 4096-byte buffer with a stack fallback allocator that automatically switches to heap allocation for larger values - Added comprehensive tests to prevent regression ## Background The env_loader previously used a fixed threadlocal buffer that could overflow when parsing environment variables containing escape sequences. This caused crashes when the parsed value exceeded 4KB. ## Changes - Replaced fixed buffer with `StackFallbackAllocator` that uses 4KB stack buffer for common cases and falls back to heap for larger values - Updated all env parsing functions to accept a reusable buffer parameter - Added proper memory cleanup with defer statements ## Test plan - [x] Added test cases for large environment variables with escape sequences - [x] Added test for values larger than 4KB - [x] Added edge case tests (empty quotes, escape at EOF) - [x] All existing env tests continue to pass fixes #11627 fixes BAPI-1274 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>