fix segfault for query().all() with more than 64 properties (#1025)

* fix segfault for query().all() with more than 64 properties

* Update src/bun.js/bindings/sqlite/JSSQLStatement.cpp

Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>

1 files changed, 9 insertions, 2 deletions

diff --git a/src/bun.js/bindings/sqlite/JSSQLStatement.cpp b/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
index 7f90360f6..98a4e729e 100644
--- a/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
+++ b/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
@@ -886,10 +886,17 @@ static inline JSC::JSValue constructResultObject(JSC::JSGlobalObject* lexicalGlo
     int count = columnNames.size();
     auto& vm = lexicalGlobalObject->vm();
 
+    // 64 is the maximum we can preallocate here
+    // see https://github.com/oven-sh/bun/issues/987
 #if SQL_USE_PROTOTYPE == 1
-    JSC::JSObject* result = JSC::JSFinalObject::create(vm, castedThis->_prototype.get()->structure());
+    JSC::JSObject* result;
+    if (count <= 64) {
+      result = JSC::JSFinalObject::create(vm, castedThis->_prototype.get()->structure());
+    } else {
+      result = JSC::JSFinalObject::create(vm, JSC::JSFinalObject::createStructure(vm, lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), count));
+    }
 #else
-    JSC::JSObject* result = JSC::JSFinalObject::create(vm, JSC::JSFinalObject::createStructure(vm, lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), count));
+    JSC::JSObject* result = JSC::JSFinalObject::create(vm, JSC::JSFinalObject::createStructure(vm, lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), std::min(count, 64)));
 #endif
     auto* stmt = castedThis->stmt;