mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-09 10:28:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,282 Commits 2,399 Branches 252 Tags
e5e9734c02845b7ca808e472eb6409cfec0a5203
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
robobun e5e9734c02 fix: HTMLRewriter no longer crashes when element handlers throw exceptions (#21848) 
## Summary

Comprehensive fixes for multiple HTMLRewriter bugs including crashes,
memory leaks, and improper error handling.

### 🚨 **Primary Issue Fixed** (#21680)
- **HTMLRewriter crash when element handlers throw exceptions** -
Process would crash with "ASSERTION FAILED: Unexpected exception
observed" when JavaScript callbacks in element handlers threw exceptions
- **Root cause**: Exceptions weren't properly handled by
JavaScriptCore's exception scope mechanism
- **Solution**: Used `CatchScope` to properly catch and propagate
exceptions through Bun's error handling system

### 🚨 **Additional Bugs Discovered & Fixed**

#### 1. **Memory Leaks in Selector Handling**
- **Issue**: `selector_slice` string was allocated but never freed when
`HTMLSelector.parse()` failed
- **Impact**: Memory leak on every invalid CSS selector
- **Fix**: Added proper `defer`/`errdefer` cleanup in `on_()` and
`onDocument_()` methods

#### 2. **Broken Selector Validation** 
- **Issue**: Invalid CSS selectors were silently succeeding instead of
throwing meaningful errors
- **Impact**: Silent failures made debugging difficult; invalid
selectors like `""`, `"<<<"`, `"div["` were accepted
- **Fix**: Changed `return createLOLHTMLError(global)` to `return
global.throwValue(createLOLHTMLError(global))`

#### 3. **Resource Cleanup on Handler Creation Failures**
- **Issue**: Allocated handlers weren't cleaned up if subsequent
operations failed
- **Impact**: Potential resource leaks in error paths
- **Fix**: Added `errdefer` blocks for proper handler cleanup

## Test plan

- [x] **Regression test** for original crash case
(`test/regression/issue/21680.test.ts`)
- [x] **Comprehensive edge case tests**
(`test/regression/issue/htmlrewriter-additional-bugs.test.ts`)
- [x] **All existing HTMLRewriter tests pass** (41 tests, 146
assertions)
- [x] **Memory leak testing** with repeated invalid selector operations
- [x] **Security testing** with malicious inputs, XSS attempts, large
payloads
- [x] **Concurrent usage testing** for thread safety and reuse patterns

### **Before (multiple bugs):**

#### Crash:
```bash
ASSERTION FAILED: Unexpected exception observed on thread Thread:0xf5a15e0000e0 at:
The exception was thrown from thread Thread:0xf5a15e0000e0 at:
Error Exception: abc
!exception() || m_vm.hasPendingTerminationException()
AddressSanitizer: CHECK failed: asan_poisoning.cpp:37
error: script "bd" was terminated by signal SIGABRT (Abort)
```

#### Silent Selector Failures:
```javascript
// These should throw but silently succeeded:
new HTMLRewriter().on("", handler);        // empty selector
new HTMLRewriter().on("<<<", handler);     // invalid CSS  
new HTMLRewriter().on("div[", handler);    // incomplete attribute
```

### **After (all issues fixed):**

#### Proper Exception Handling:
```javascript
try {
  new HTMLRewriter().on("script", {
    element(a) { throw new Error("abc"); }
  }).transform(new Response("<script></script>"));
} catch (e) {
  console.log("GOOD: Caught exception:", e.message); // "abc"
}
```

#### Proper Selector Validation:
```javascript
// Now properly throws with descriptive errors:
new HTMLRewriter().on("", handler);        // Throws: "The selector is empty"
new HTMLRewriter().on("<<<", handler);     // Throws: "The selector is empty" 
new HTMLRewriter().on("div[", handler);    // Throws: "Unexpected end of selector"
```

## Technical Details

### Exception Handling Fix
- Used `CatchScope` to properly catch JavaScript exceptions from
callbacks
- Captured exceptions in VM's `unhandled_pending_rejection_to_capture`
mechanism
- Cleared exceptions from scope to prevent assertion failures
- Returned failure status to LOLHTML to trigger proper error propagation

### Memory Management Fixes
- Added `defer bun.default_allocator.free(selector_slice)` for automatic
cleanup
- Added `errdefer` blocks for handler cleanup on failures
- Ensured all error paths properly release allocated resources

### Error Handling Improvements
- Fixed functions returning `bun.JSError!JSValue` to properly throw
errors
- Distinguished between functions that return errors vs. throw them
- Preserved original exception messages through the error chain

## Impact

 **No more process crashes** when HTMLRewriter handlers throw
exceptions
 **No memory leaks** from failed selector parsing operations  
 **Proper error messages** for invalid CSS selectors with specific
failure reasons
 **Improved reliability** across all edge cases and malicious inputs  
 **Maintains 100% backward compatibility** - all existing functionality
preserved

This makes HTMLRewriter significantly more robust and developer-friendly
while maintaining high performance.

Fixes #21680

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-15 22:35:38 -07:00
.buildkite
Revert "ci: lower windows test agent from c7i.2xlarge to c7i.xlarge (#21707)" (#21717)
2025-08-08 22:45:26 -07:00
.claude/commands
[publish images] Upgrade self-reported Node.js version from 22.6.0 to 24.3.0 (v2) (#20772)
2025-07-02 12:06:08 -07:00
.cursor
safety: a lot more exception checker progress (#20956)
2025-07-16 00:11:19 -07:00
.github
feat: add GitHub Action to auto-label Claude PRs (#21840)
2025-08-13 20:41:33 -07:00
.vscode
Introduce yarn.lock -> bun.lock{b} migrator (#16166)
2025-07-29 13:07:47 -07:00
bench
Introduce Bun.stripANSI (#21801)
2025-08-14 22:42:05 -07:00
cmake
Improve owned pointer types (#21908)
2025-08-15 19:05:25 -07:00
completions
Add comprehensive CLI flag parser for shell completions (#21604)
2025-08-07 15:38:35 -07:00
dockerhub
Update docker images from debian:bullseye to debian:bookworm (#18278)
2025-04-12 06:17:53 -07:00
docs
docs: Clarify security considerations for the Bun shell (#21691)
2025-08-14 14:35:44 -07:00
misctools
lldb: pretty printing for bun.String, ZigString, WTFStringImpl (#21685)
2025-08-07 17:51:33 -07:00
packages
Bun.redis getex all arguments (#21911)
2025-08-15 17:50:12 -07:00
patches
Upgrade libarchive to v3.8.1 (#21250)
2025-07-21 20:08:00 -07:00
scripts
ci: add 'internal assertion failure' to list of isAlwaysFailure
2025-08-15 13:23:14 -07:00
src
fix: HTMLRewriter no longer crashes when element handlers throw exceptions (#21848)
2025-08-15 22:35:38 -07:00
test
fix: HTMLRewriter no longer crashes when element handlers throw exceptions (#21848)
2025-08-15 22:35:38 -07:00
.clang-tidy
Reapply "Convert build scripts to CMake (#13427)"
2024-09-11 08:24:50 -07:00
.clangd
meta: fix disabling of clangd auto header insertion (#17172)
2025-02-10 02:04:21 -08:00
.cursorignore
Update .cursorignore
2024-12-26 11:48:30 -08:00
.dockerignore
bump webkit (#15328)
2024-12-12 03:21:56 -08:00
.editorconfig
Bring uSockets & uWebSockets forks into Bun's repository (#4372)
2023-08-28 08:38:30 -07:00
.git-blame-ignore-revs
Update .git-blame-ignore-revs
2025-06-13 16:16:14 -07:00
.gitattributes
Use "module": "Preserve" (#19655)
2025-05-14 18:43:15 -07:00
.gitignore
internal: add lldb inline comment tool
2025-08-05 03:23:16 -07:00
.lldbinit
Move LLDB initialization commands to make attach configuration work (#20085)
2025-05-30 19:33:03 -07:00
.mailmap
do not print duplicate code (#16231)
2025-01-07 20:19:12 -08:00
.prettierignore
disable async in script tags in dev server (#17517)
2025-02-21 11:28:27 -08:00
.prettierrc
fix vscode json handling in prettier (#10133)
2024-04-09 20:42:42 -07:00
.typos.toml
ci: check for typos in documentation (#16235)
2025-01-08 07:23:54 +00:00
AGENTS.md
Make AGENTS.md a symlink to CLAUDE.md
2025-06-27 21:13:21 -07:00
build.zig
Auto cpp->zig bindings (#20881)
2025-07-21 16:26:07 -07:00
bun.lock
Introduce Bun.stripANSI (#21801)
2025-08-14 22:42:05 -07:00
bunfig.node-test.toml
node:module compatibility pt 1 (#18106)
2025-03-12 15:47:41 -07:00
bunfig.toml
fix(install): isolated install aliased dependency name fix (#21138)
2025-07-19 01:59:52 -07:00
CLAUDE.md
Reduce stack space usage of parseSuffix (#21662)
2025-08-09 00:20:17 -07:00
CMakeLists.txt
Update CMakeLists.txt
2025-02-06 18:07:55 -08:00
CODE_OF_CONDUCT.md
Add a code of conduct
2022-09-03 20:54:15 -07:00
CONTRIBUTING.md
Auto cpp->zig bindings (#20881)
2025-07-21 16:26:07 -07:00
entitlements.debug.plist
Faster debug builds (#16354)
2025-01-12 20:03:24 -08:00
entitlements.plist
New subcommand: bun upgrade. It upgrades bun to the latest version.
2021-10-28 05:34:38 -07:00
LATEST
Bump
2025-08-10 11:38:31 -07:00
LICENSE.md
libdeflate (#12741)
2024-07-24 01:30:31 -07:00
oxlint.json
Fix several lints (#19121)
2025-04-19 05:41:34 -07:00
package.json
Delete makefile (#21863)
2025-08-14 14:44:47 -07:00
README.md
bun.sh -> bun.com (#20909)
2025-07-10 00:10:43 -07:00
SECURITY.md
bun.sh -> bun.com (#20909)
2025-07-10 00:10:43 -07:00
tsconfig.base.json
feat: new binding generator (#15638)
2024-12-10 12:43:17 -08:00
tsconfig.json
types: Rewrite to avoid conflicts and allow for doc generation (#18024)
2025-03-25 14:33:30 -07:00
workspace.code-workspace
go
2021-08-11 13:56:03 -07:00

README.md

Logo

Bun

stars Bun speed

Documentation   •   Discord   •   Issues   •   Roadmap

Read the docs →

What is Bun?

Bun is an all-in-one toolkit for JavaScript and TypeScript apps. It ships as a single executable called bun.

At its core is the Bun runtime, a fast JavaScript runtime designed as a drop-in replacement for Node.js. It's written in Zig and powered by JavaScriptCore under the hood, dramatically reducing startup times and memory usage.

bun run index.tsx             # TS and JSX supported out-of-the-box

The bun command-line tool also implements a test runner, script runner, and Node.js-compatible package manager. Instead of 1,000 node_modules for development, you only need bun. Bun's built-in tools are significantly faster than existing options and usable in existing Node.js projects with little to no changes.

bun test                      # run tests
bun run start                 # run the `start` script in `package.json`
bun install <pkg>             # install a package
bunx cowsay 'Hello, world!'   # execute a package

Install

Bun supports Linux (x64 & arm64), macOS (x64 & Apple Silicon) and Windows (x64).

Linux users — Kernel version 5.6 or higher is strongly recommended, but the minimum is 5.1.

x64 users — if you see "illegal instruction" or similar errors, check our CPU requirements

# with install script (recommended)
curl -fsSL https://bun.com/install | bash

# on windows
powershell -c "irm bun.com/install.ps1 | iex"

# with npm
npm install -g bun

# with Homebrew
brew tap oven-sh/bun
brew install bun

# with Docker
docker pull oven/bun
docker run --rm --init --ulimit memlock=-1:-1 oven/bun

Upgrade

To upgrade to the latest version of Bun, run:

bun upgrade

Bun automatically releases a canary build on every commit to main. To upgrade to the latest canary build, run:

bun upgrade --canary

View canary build

Quick links

Guides

Contributing

Refer to the Project > Contributing guide to start contributing to Bun.

License

Refer to the Project > License page for information about Bun's licensing.

Reference in New Issue View Git Blame Copy Permalink
Description
Bun is a fast, incrementally adoptable all-in-one JavaScript, TypeScript & JSX toolkit. Use individual tools like bun test or bun install in Node.js projects, or adopt the complete stack with a fast JavaScript runtime, bundler, test runner, and package manager built in. Bun aims for 100% Node.js compatibility.
Readme 680 MiB
Languages
Zig 60.5%
C++ 24.9%
TypeScript 8.3%
C 3.3%
JavaScript 1.4%
Other 1.1%