From 342efb23ff8def40c7f78016f8a359a2325f351a Mon Sep 17 00:00:00 2001 From: Mike Farah Date: Sat, 7 Dec 2024 16:53:40 +1100 Subject: [PATCH] Fixed panic on multipling string by very large number #2211 --- pkg/yqlib/operator_multiply.go | 2 ++ pkg/yqlib/operator_multiply_test.go | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/pkg/yqlib/operator_multiply.go b/pkg/yqlib/operator_multiply.go index c4fee2df..bf2387a0 100644 --- a/pkg/yqlib/operator_multiply.go +++ b/pkg/yqlib/operator_multiply.go @@ -155,6 +155,8 @@ func repeatString(lhs *CandidateNode, rhs *CandidateNode) (*CandidateNode, error return nil, err } else if count < 0 { return nil, fmt.Errorf("Cannot repeat string by a negative number (%v)", count) + } else if count > 10000000 { + return nil, fmt.Errorf("Cannot repeat string by more than 100 million (%v)", count) } target.Value = strings.Repeat(stringNode.Value, count) diff --git a/pkg/yqlib/operator_multiply_test.go b/pkg/yqlib/operator_multiply_test.go index c055491e..e2c7063e 100644 --- a/pkg/yqlib/operator_multiply_test.go +++ b/pkg/yqlib/operator_multiply_test.go @@ -208,6 +208,14 @@ var multiplyOperatorScenarios = []expressionScenario{ expression: `"banana" * .n`, expectedError: "Cannot repeat string by a negative number (-4)", }, + { + description: "Multiply string X by more than 100 million", + // very large string.repeats causes a panic + skipDoc: true, + document: `n: 100000001`, + expression: `"banana" * .n`, + expectedError: "Cannot repeat string by more than 100 million (100000001)", + }, { description: "Multiply int node X string", document: `n: 4