
fix: guard stringbuilder size overflows #1672

Merged
jpnurmi merged 2 commits into master from jpnurmi/fix/stringbuilder-overflow
Apr 28, 2026
Collaborator

@jpnurmi jpnurmi commented Apr 27, 2026

Reject stringbuilder_append and stringbuilder_reserve requests whose size arithmetic would wrap before comparing the requested size with the current allocation. On 32-bit targets, wrapped size_t arithmetic could make an oversized append look small enough to fit and skip buffer growth before copying the payload.

This also prevents the reserve growth loop from wrapping while doubling the allocation size for very large reservations. The added unit coverage exercises the append and reserve overflow paths without allocating large buffers.

jpnurmi and others added 2 commits April 27, 2026 12:00
Reject stringbuilder append and reserve requests whose size arithmetic would wrap. This
prevents skipped buffer growth on 32-bit targets and avoids wrapping the
allocation growth loop for huge reservations.

Co-Authored-By: OpenAI Codex <noreply@openai.com>
@jpnurmi jpnurmi merged commit 72e83f0 into master Apr 28, 2026
60 checks passed
@jpnurmi jpnurmi deleted the jpnurmi/fix/stringbuilder-overflow branch April 28, 2026 08:43
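
An added example, not the project's code and not the merged patch: a minimal C string builder showing the two guards the pull request describes, with `uint32_t` standing in for a 32-bit `size_t` to show the wrap on any host. The names `sb_t`, `sb_reserve`, `sb_append` and `unguarded_fits32` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical builder for illustration; not the project's struct. */
typedef struct { char *buf; size_t allocated; size_t len; } sb_t;

/* The unguarded fit check as a 32-bit target would compute it
 * (uint32_t stands in for size_t). Returns 1 when the append "fits". */
static int unguarded_fits32(uint32_t len, uint32_t n, uint32_t allocated)
{
    return (uint32_t)(len + n + 1) <= allocated; /* sum may wrap */
}

/* Grow to hold at least `needed` bytes. Returns 0 on success, 1 on failure. */
static int sb_reserve(sb_t *sb, size_t needed)
{
    if (needed <= sb->allocated) return 0;
    size_t new_alloc = sb->allocated ? sb->allocated : 16;
    while (new_alloc < needed) {
        /* Doubling past SIZE_MAX / 2 would wrap to a smaller value
         * (eventually 0, looping forever), so refuse instead. */
        if (new_alloc > SIZE_MAX / 2) return 1;
        new_alloc *= 2;
    }
    char *p = realloc(sb->buf, new_alloc);
    if (!p) return 1;
    sb->buf = p;
    sb->allocated = new_alloc;
    return 0;
}

/* Append `n` bytes of `s` plus a NUL terminator. Returns 0 on success. */
static int sb_append(sb_t *sb, const char *s, size_t n)
{
    /* Reject before doing any arithmetic that could wrap:
     * n >= SIZE_MAX - len means len + n + 1 does not fit in size_t. */
    if (n >= SIZE_MAX - sb->len) return 1;
    if (sb_reserve(sb, sb->len + n + 1)) return 1;
    memcpy(sb->buf + sb->len, s, n);
    sb->len += n;
    sb->buf[sb->len] = '\0';
    return 0;
}
```

Both rejection paths return before `realloc` or `memcpy` runs, so they can be exercised with huge sizes without allocating large buffers.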
3 participants