Fixed panic on multipling string by very large number #2211

mikefarah · Dec 7, 2024 · 342efb2 · 342efb2
1 parent 2201381
commit 342efb2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/pkg/yqlib/operator_multiply.go b/pkg/yqlib/operator_multiply.go
@@ -155,6 +155,8 @@ func repeatString(lhs *CandidateNode, rhs *CandidateNode) (*CandidateNode, error
 		return nil, err
 	} else if count < 0 {
 		return nil, fmt.Errorf("Cannot repeat string by a negative number (%v)", count)
+	} else if count > 10000000 {
+		return nil, fmt.Errorf("Cannot repeat string by more than 100 million (%v)", count)
 	}
 	target.Value = strings.Repeat(stringNode.Value, count)
 

diff --git a/pkg/yqlib/operator_multiply_test.go b/pkg/yqlib/operator_multiply_test.go
@@ -208,6 +208,14 @@ var multiplyOperatorScenarios = []expressionScenario{
 		expression:    `"banana" * .n`,
 		expectedError: "Cannot repeat string by a negative number (-4)",
 	},
+	{
+		description: "Multiply string X by more than 100 million",
+		// very large string.repeats causes a panic
+		skipDoc:       true,
+		document:      `n: 100000001`,
+		expression:    `"banana" * .n`,
+		expectedError: "Cannot repeat string by more than 100 million (100000001)",
+	},
 	{
 		description: "Multiply int node X string",
 		document: `n: 4