Skip to content

Fix integer overflow reading sliced non-regular file blobs#29284

Merged
Jarred-Sumner merged 2 commits into
mainfrom
farm/579739c9/fix-readfile-slice-overflow
Apr 14, 2026
Merged

Fix integer overflow reading sliced non-regular file blobs#29284
Jarred-Sumner merged 2 commits into
mainfrom
farm/579739c9/fix-readfile-slice-overflow

Fix integer overflow reading sliced non-regular file blobs

5eabf81
Select commit
Loading
Failed to load commit list.
Claude / Claude Code Review completed Apr 14, 2026 in 25m 25s

Code review found 1 potential issue

Found 3 candidates, confirmed 1. See review comments for details.

Details

Severity Count
🔴 Important 0
🟡 Nit 0
🟣 Pre-existing 1
Severity File:Line Issue
🟣 Pre-existing src/bun.js/webcore/blob/read_file.zig:347-353 Linux read_off never updated: remainingBuffer allows reads past max_length with partial chunks

Annotations

Check notice on line 353 in src/bun.js/webcore/blob/read_file.zig

See this annotation in the file changed.

@claude claude / Claude Code Review

Linux read_off never updated: remainingBuffer allows reads past max_length with partial chunks 

Pre-existing bug: in the Linux `ReadFile.doReadLoop` path, `this.read_off` is initialized to 0 and never incremented during the loop, so `remainingBuffer()` always caps each individual read at `max_length` bytes rather than `max_length - already_read` bytes. When data arrives in partial chunks, the accumulated buffer can exceed `max_length` by up to `max_length-1` bytes. The PR adds a test claiming to verify the N-byte cap, but the test writes all bytes atomically so the OS delivers exactly N by
View more details on Claude