From 07e50cc634ea32c808b5d753792a7f9200091455 Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Wed, 31 Dec 2025 09:11:45 +0000
Subject: [PATCH] fix: resolve high vulnerability V-001

Automatically generated security fix
---
 fuzz/fuzz_eval.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/fuzz/fuzz_eval.c b/fuzz/fuzz_eval.c
index aa26f1efc..48b905ca8 100644
--- a/fuzz/fuzz_eval.c
+++ b/fuzz/fuzz_eval.c
@@ -26,7 +26,20 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         return 0;
 
     JSRuntime *rt = JS_NewRuntime();
+    if (!rt)
+        return 0;
+
+    // Set resource limits immediately after runtime creation to prevent resource exhaustion
+    JS_SetMemoryLimit(rt, 0x4000000); // 64 MB memory limit
+    JS_SetMaxStackSize(rt, 0x10000); // 64 KB stack limit
+    JS_SetGCThreshold(rt, 0x400000); // 4 MB GC threshold
+
     JSContext *ctx = JS_NewContext(rt);
+    if (!ctx) {
+        JS_FreeRuntime(rt);
+        return 0;
+    }
+
     test_one_input_init(rt, ctx);
 
     uint8_t *null_terminated_data = malloc(size + 1);
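Review bot: The `JS_SetMaxStackSize(rt, 0x10000)` line caps the engine's native stack at 64 KiB, which, if this is QuickJS's API, is a quarter of the engine's default (256 KiB) and will make moderately nested but legitimate inputs fail early with a stack-overflow InternalError, shrinking the code paths this fuzzer can reach without addressing the null-runtime/null-context crash the other added lines fix. Unless a smaller stack was measured to be necessary, keep the engine default, e.g. `JS_SetMaxStackSize(rt, 256 * 1024); // engine default; lower values starve the parser on nested input`. The three hex limits would also read better as named constants next to the existing size check at the top of the function (`enum { FUZZ_MEM_LIMIT = 64u << 20, FUZZ_STACK_LIMIT = 256u << 10, FUZZ_GC_THRESHOLD = 4u << 20 };`), since the trailing comments are the only thing tying each value to its meaning. The body of LLVMFuzzerTestOneInput starts before and continues past this hunk, so the `malloc(size + 1)` result and the teardown of `ctx`/`rt` on later paths are not visible here and should be checked in the same pass.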