From 463f2b7dabcc3fa9d90a14b88ce81262abdd71c7 Mon Sep 17 00:00:00 2001
From: Zilin Zhu
Date: Mon, 8 Aug 2022 15:54:13 +0800
Subject: fix segfault for query().all() with more than 64 properties (#1025)
* fix segfault for query().all() with more than 64 properties
* Update src/bun.js/bindings/sqlite/JSSQLStatement.cpp
Co-authored-by: Jarred Sumner
---
 src/bun.js/bindings/sqlite/JSSQLStatement.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'src/bun.js/bindings/sqlite/JSSQLStatement.cpp')
diff --git a/src/bun.js/bindings/sqlite/JSSQLStatement.cpp b/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
index 7f90360f6..98a4e729e 100644
--- a/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
+++ b/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
@@ -886,10 +886,17 @@ static inline JSC::JSValue constructResultObject(JSC::JSGlobalObject* lexicalGlo
 int count = columnNames.size();
 auto& vm = lexicalGlobalObject->vm();
+ // 64 is the maximum we can preallocate here
+ // see https://github.com/oven-sh/bun/issues/987
 #if SQL_USE_PROTOTYPE == 1
- JSC::JSObject* result = JSC::JSFinalObject::create(vm, castedThis->_prototype.get()->structure());
+ JSC::JSObject* result;
+ if (count <= 64) {
+ result = JSC::JSFinalObject::create(vm, castedThis->_prototype.get()->structure());
+ } else {
+ result = JSC::JSFinalObject::create(vm, JSC::JSFinalObject::createStructure(vm, lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), count));
+ }
 #else
- JSC::JSObject* result = JSC::JSFinalObject::create(vm, JSC::JSFinalObject::createStructure(vm, lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), count));
+ JSC::JSObject* result = JSC::JSFinalObject::create(vm, JSC::JSFinalObject::createStructure(vm, lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), std::min(count, 64)));
 #endif
 auto* stmt = castedThis->stmt;
--
cgit v1.2.3
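Review bot: In the `SQL_USE_PROTOTYPE == 1` branch, the `else` path passes the raw `count` (greater than 64 there) to `createStructure` as the inline capacity, while the `#else` path clamps it with `std::min(count, 64)` and the new comment says 64 is the most that can be preallocated. The two paths should agree. If the limit is real, the fallback should clamp as well, i.e. end in `lexicalGlobalObject->objectPrototype(), std::min(count, 64)));`. The bound would also be better taken from `JSC::JSFinalObject::maxInlineCapacity` than repeated as a literal in three places, since the crash being fixed is a memory-safety failure driven by the column count of the query. The part of constructResultObject that stores the column values is outside the hunk, so it is worth confirming that it writes columns beyond the preallocated slots through a path that grows storage rather than by direct offset.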