diff --git a/pkg/yqlib/operator_multiply.go b/pkg/yqlib/operator_multiply.go index c4fee2df..bf2387a0 100644 --- a/pkg/yqlib/operator_multiply.go +++ b/pkg/yqlib/operator_multiply.go @@ -155,6 +155,8 @@ func repeatString(lhs *CandidateNode, rhs *CandidateNode) (*CandidateNode, error return nil, err } else if count < 0 { return nil, fmt.Errorf("Cannot repeat string by a negative number (%v)", count) + } else if count > 10000000 { + return nil, fmt.Errorf("Cannot repeat string by more than 100 million (%v)", count) } target.Value = strings.Repeat(stringNode.Value, count) diff --git a/pkg/yqlib/operator_multiply_test.go b/pkg/yqlib/operator_multiply_test.go index c055491e..e2c7063e 100644 --- a/pkg/yqlib/operator_multiply_test.go +++ b/pkg/yqlib/operator_multiply_test.go @@ -208,6 +208,14 @@ var multiplyOperatorScenarios = []expressionScenario{ expression: `"banana" * .n`, expectedError: "Cannot repeat string by a negative number (-4)", }, + { + description: "Multiply string X by more than 100 million", + // very large string.repeats causes a panic + skipDoc: true, + document: `n: 100000001`, + expression: `"banana" * .n`, + expectedError: "Cannot repeat string by more than 100 million (100000001)", + }, { description: "Multiply int node X string", document: `n: 4