Crash in PrettyWriter (or Writer) with large strings

[davidjward30]

Platform: Windows 11 24H2 Compiler: Microsoft Visual Studio 17.14.7 Platform: x64 RAM: 64GB rapidjson version: commit 24b5e7a8b27f42fa16b96fc70aade9106cf7102f (latest as of time of submission).

Reproduction details. Build and run this console application:

#include <rapidjson/prettywriter.h>
#include <rapidjson/stringbuffer.h>
#include <iostream>
#include <string>

int main()
{
    rapidjson::StringBuffer ss;
    rapidjson::PrettyWriter<rapidjson::StringBuffer> writer(ss);

    writer.StartObject();
    writer.String("array");
    writer.StartArray();

    size_t size = 800000000;   // Seems to crash in the approx range:   720000000 < size < 840000000
    
    std::string val(size, 'a');
    writer.String(val.c_str());
    writer.EndArray();
    writer.EndObject();

    std::string result = ss.GetString();
    std::cout << "Generated string of size: " << result.size() << std::endl;
}

Expected result: Message on console along the lines of Generated string of size: xxxxxxxxxx

Actual result: Crash. In debug I get a failed assertion:

Assertion failed: static_cast<std::ptrdiff_t>(sizeof(T) * count) <= (stackEnd_ - stackTop_), file rapidjson\include\rapidjson\internal\stack.h, line 131

Call stack:

>	ucrtbased.dll!issue_debug_notification(const wchar_t * const message) Line 28	C++
 	ucrtbased.dll!__acrt_report_runtime_error(const wchar_t * message) Line 154	C++
 	ucrtbased.dll!abort() Line 61	C++
 	ucrtbased.dll!common_assert_to_stderr_direct(const wchar_t * const expression, const wchar_t * const file_name, const unsigned int line_number) Line 161	C++
 	ucrtbased.dll!common_assert_to_stderr<wchar_t>(const wchar_t * const expression, const wchar_t * const file_name, const unsigned int line_number) Line 179	C++
 	ucrtbased.dll!common_assert<wchar_t>(const wchar_t * const expression, const wchar_t * const file_name, const unsigned int line_number, void * const return_address) Line 420	C++
 	ucrtbased.dll!_wassert(const wchar_t * expression, const wchar_t * file_name, unsigned int line_number) Line 444	C++
 	RapidJsonIssue.exe!rapidjson::internal::Stack<rapidjson::CrtAllocator>::PushUnsafe<char>(unsigned __int64 count) Line 131	C++
 	RapidJsonIssue.exe!rapidjson::GenericStringBuffer<rapidjson::UTF8<char>,rapidjson::CrtAllocator>::PutUnsafe(char c) Line 57	C++
 	RapidJsonIssue.exe!rapidjson::PutUnsafe<rapidjson::UTF8<char>,rapidjson::CrtAllocator>(rapidjson::GenericStringBuffer<rapidjson::UTF8<char>,rapidjson::CrtAllocator> & stream, char c) Line 106	C++
 	RapidJsonIssue.exe!rapidjson::Transcoder<rapidjson::UTF8<char>,rapidjson::UTF8<char>>::TranscodeUnsafe<rapidjson::GenericStringStream<rapidjson::UTF8<char>>,rapidjson::GenericStringBuffer<rapidjson::UTF8<char>,rapidjson::CrtAllocator>>(rapidjson::GenericStringStream<rapidjson::UTF8<char>> & is, rapidjson::GenericStringBuffer<rapidjson::UTF8<char>,rapidjson::CrtAllocator> & os) Line 700	C++
 	RapidJsonIssue.exe!rapidjson::Writer<rapidjson::GenericStringBuffer<rapidjson::UTF8<char>,rapidjson::CrtAllocator>,rapidjson::UTF8<char>,rapidjson::UTF8<char>,rapidjson::CrtAllocator,0>::WriteString(const char * str, unsigned int length) Line 448	C++
 	RapidJsonIssue.exe!rapidjson::PrettyWriter<rapidjson::GenericStringBuffer<rapidjson::UTF8<char>,rapidjson::CrtAllocator>,rapidjson::UTF8<char>,rapidjson::UTF8<char>,rapidjson::CrtAllocator,0>::String(const char * str, unsigned int length, bool copy) Line 114	C++
 	RapidJsonIssue.exe!rapidjson::PrettyWriter<rapidjson::GenericStringBuffer<rapidjson::UTF8<char>,rapidjson::CrtAllocator>,rapidjson::UTF8<char>,rapidjson::UTF8<char>,rapidjson::CrtAllocator,0>::String(const char * str) Line 187	C++
 	RapidJsonIssue.exe!main() Line 18	C++
 	RapidJsonIssue.exe!invoke_main() Line 79	C++
 	RapidJsonIssue.exe!__scrt_common_main_seh() Line 288	C++
 	RapidJsonIssue.exe!__scrt_common_main() Line 331	C++
 	RapidJsonIssue.exe!mainCRTStartup(void * __formal) Line 17	C++

I get the same issue when using Writer instread of PrettyWriter