ivuorinen/gibidify
1
0
Fork 0
mirror of https://github.com/ivuorinen/gibidify.git synced 2026-02-06 02:45:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): prevent integer overflow in uint64 to int64 conversions

Browse Source 
Add overflow checks before converting uint64 memory values to int64
to prevent potential integer overflow issues identified by gosec (G115).

- Add math.MaxInt64 checks in fileproc/backpressure.go
- Add math.MaxInt64 checks in fileproc/resource_monitor_validation.go
- Add math.MaxInt64 checks in fileproc/resource_monitor_metrics.go
- Add math.MaxInt64 check in benchmark/benchmark.go with nosec annotation

Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-10-04 23:17:02 +00:00
parent dfda38ded4
commit e9bd694685
40 changed files with 331 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
fileproc/resource_monitor_validation.go
View File

@@ -1,6 +1,7 @@
package fileproc
import (
"math"
"runtime"
"sync/atomic"
"time"
@@ -88,7 +89,11 @@ func (rm *ResourceMonitor) CheckHardMemoryLimit() error {
var m runtime.MemStats
runtime.ReadMemStats(&m)
// Safe conversion: cap at MaxInt64 to prevent overflow
currentMemory := int64(m.Alloc)
if m.Alloc > math.MaxInt64 {
currentMemory = math.MaxInt64
}
if currentMemory > rm.hardMemoryLimitBytes {
rm.mu.Lock()
@@ -108,7 +113,11 @@ func (rm *ResourceMonitor) CheckHardMemoryLimit() error {
// Check again after GC
runtime.ReadMemStats(&m)
// Safe conversion: cap at MaxInt64 to prevent overflow
currentMemory = int64(m.Alloc)
if m.Alloc > math.MaxInt64 {
currentMemory = math.MaxInt64
}
if currentMemory > rm.hardMemoryLimitBytes {
// Still over limit, activate emergency stop
@@ -145,4 +154,4 @@ func (rm *ResourceMonitor) CheckHardMemoryLimit() error {
}
return nil
}
}