The test literal "ab" * 4611686018427387904 (2^62) exceeds MaxInt32,
so parseInt rejects it before the size guard runs. Compute the count
with 1 << (bits.UintSize - 2) to yield 2^30 on 32-bit and 2^62 on
64-bit. Both values, when doubled by len("ab"), wrap past MaxInt and
bypass a naive len*count guard, exercising the division-safe check
added in #2644.
Signed-off-by: Jan Dubois <jan@jandubois.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The existing check (count > 10 million) does not account for string
length. A 68-byte string repeated 35 trillion times passes the count
check but panics in strings.Repeat with "makeslice: len out of range".
Smaller counts (e.g. 10 million * 6-byte string = 60 MB) cause OOM on
memory-constrained environments like OSS-Fuzz (2560 MB limit).
Replace the count-only check with a result size check: the product of
string length and repeat count must not exceed 10 MiB. Use division
(len > limit/count) instead of multiplication (len*count > limit) to
avoid integer overflow — a large count can wrap the product to a
negative value, bypassing the guard entirely.
Fixes at least four OSS-Fuzz bugs found via Lima's FuzzEvaluateExpression:
https://issues.oss-fuzz.com/issues/418818862 (makeslice overflow)
https://issues.oss-fuzz.com/issues/422001683 (timeout from huge alloc)
https://issues.oss-fuzz.com/issues/383195001 (OOM, 3 GB allocation)
https://issues.oss-fuzz.com/issues/385180606 (OOM, 97 TB allocation)
Signed-off-by: Jan Dubois <jan@jandubois.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Remove extra backtick
* Reword explanation of update
* Reword explanation of relative update
* Change "remaple" to "remain"
* Change "clovver" to "clobber"
* Reword explanation of update for comment operators
* Reword explanation of relative update for comment operators
* Change "array" to "expression"
* Change "the golangs" to "Golang's"
* Change "golangs" to "Golang's"
* Change "can durations" to "can add durations"
* Change "array scalars" to "arrays"
* Change "beit" to "be it"
* Fix typo in `eval` tip
* Fix typo in header for `has` operation
* Add space before pipe in `line` operator example
* Fix typos in explanation of deep array merges
* Change "is now used" to "is now used."
* Change "object," to "object."
* Changes "indexes" to "indices"
* Remove extraneous copied text from `..` article
* Reword explanation of `...` operator
* Change "your are" to "you are"
* Add link to `string` operator docs in `select` article
* Change "is a" to "parameter specifies" in `string` operators article
* Change "new line" to "newline"
* Change "golang regex" to "Golang's regex"
* Change "golang" to "Golang"
* Add period
* Remove comma in `subtract` article
* Remove duplicate number subtraction example
* Remove comma in `traverse` operator article
* Clarify use of brackets when `read`ing with special characters
