fix integer overflow in ReadFile buffer capacity computation #28849

Closed
robobun wants to merge 3 commits into main from farm/dbf1e3fd/read-file-size-overflow

test: tighten regression assertion and drop per-test timeout

ba08550
Claude / Claude Code Review completed Apr 4, 2026 in 23m 9s

Code review found 1 potential issue

Found 1 candidates, confirmed 1. See review comments for details.

Details

| Severity | Count |
| --- | --- |
| 🔴 Important | 0 |
| 🟡 Nit | 0 |
| 🟣 Pre-existing | 1 |

| Severity | File:Line | Issue |
| --- | --- | --- |
| 🟣 Pre-existing | src/bun.js/webcore/blob/read_file.zig:384-392 | doReadLoop bun.handleOom crashes vs. graceful initCapacity OOM path |

Annotations

Check notice on line 392 in src/bun.js/webcore/blob/read_file.zig

@claude claude / Claude Code Review

doReadLoop bun.handleOom crashes vs. graceful initCapacity OOM path

This PR correctly makes the `initCapacity` OOM path graceful (sets `system_error`, rejects with ENOMEM), but `doReadLoop` still uses `bun.handleOom` for buffer growth during streaming reads — a pre-existing crash-on-OOM path. The fix makes the inconsistency more visible: `Bun.file("/dev/zero").slice(1).text()` now rejects gracefully, while `Bun.file("/dev/zero").text()` (no slice, `this.size=4096`, `initCapacity` succeeds) would still crash the process via `bun.handleOom` if the allocator runs O