Address #1702 with extra bounds check.

The buffer overflow happened because we were creating many upvalue slots in the compiler without using them, along with some faulty logic that used the wrong length to check for the bitmap's bounds.
2026-06-04 19:52:15 +00:00 · 2026-01-23 07:33:05 -06:00
parent 883dde4fa5
commit 4dd08a4cde
4 changed files with 10 additions and 4 deletions
@@ -202,5 +202,10 @@
 (assert-no-error "def destructure splice works 2" (do (def (n) [(splice [])]) n))
 (assert-no-error "var destructure splice works" (do (var [a] [;[1]]) a))

-(end-suite)
+# Issue #1702 - fuzz case with upvalues
+(each item [1 2 3]
+  # Generate a lot of upvalues (more than 224)
+  (def ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;out-buf @"")
+  (with-dyns [:out out-buf] 1))

+(end-suite)