]> git.kaiwu.me - njs.git/commit
Cap string-producing chb chains in core builtins
authorDmitry Volyntsev <xeioex@nginx.com>
Tue, 21 Apr 2026 04:32:19 +0000 (21:32 -0700)
committerDmitry Volyntsev <xeioexception@gmail.com>
Wed, 10 Jun 2026 20:38:58 +0000 (13:38 -0700)
commitc1635a7c11f1d6b5542f855f7f01148e656dba97
tree517bbee5cfcde1c4e54d659844f41293f7965ad2
parent5f5e990012758e72df7414d7d26b0982b8209964
Cap string-producing chb chains in core builtins

Overflow now trips during chain growth and surfaces as a catchable
RangeError("invalid string length") instead of continuing to inflate
the VM memory pool until the process OOMs.

Out of scope (non-JS-string chains):
  - njs_vm.c AST serialization
  - njs_json.c njs_vm_value_dump (console.log value dump)
  - njs_function.c new Function() source assembly
  - njs_error.c error message composition
  - external/ modules on both engines (querystring, xml, zlib)

This fixes OOM in staging/sm/String/replace-math Tests262.
src/njs_array.c
src/njs_json.c
src/njs_regexp.c
src/njs_string.c
src/njs_typed_array.c
src/test/njs_unit_test.c