rodin/review-bot
2
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 6 Wiki Activity

fix(gitea): address review findings — clamp overflow, clarify maxSize doc
PR Ready Gate / clear-labels (pull_request) Successful in 2s
Details
CI / test (pull_request) Successful in 17s
Details
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 39s
Details
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m7s
Details
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m38s
Details

Browse Source 
- Clamp maxBytes+1 to prevent integer overflow to negative when
  maxBytes == math.MaxInt64 (falls back to math.MaxInt64)
- Update MaxDiffSize doc: 'any negative value' disables the limit,
  matching actual behavior of 'maxSize < 0' check
This commit is contained in:
claw
2026-05-13 05:17:14 -07:00
parent 235828ec42
commit 1a3050926e
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gitea/client.go
+10 -3
View File
@@ -11,6 +11,7 @@ import (
"fmt" "fmt"
"io" "io"
"log/slog" "log/slog"
"math"
"net" "net"
"net/http" "net/http"
"net/url" "net/url"
@@ -69,7 +70,7 @@ type Client struct {
RetryBackoff []time.Duration RetryBackoff []time.Duration
// MaxDiffSize is the maximum number of bytes allowed when fetching a PR diff. // MaxDiffSize is the maximum number of bytes allowed when fetching a PR diff.
// If zero, defaults to DefaultMaxDiffSize (10 MB). Set to -1 to disable the limit. // If zero, defaults to DefaultMaxDiffSize (10 MB). Set to any negative value to disable the limit.
MaxDiffSize int64 MaxDiffSize int64
} }
@@ -442,7 +443,8 @@ func (c *Client) doGet(ctx context.Context, reqURL string) ([]byte, error) {
// doGetLimited performs an HTTP GET request with retry (like doGet) but enforces // doGetLimited performs an HTTP GET request with retry (like doGet) but enforces
// a maximum response body size. Returns ErrDiffTooLarge if the response exceeds // a maximum response body size. Returns ErrDiffTooLarge if the response exceeds
// maxBytes. It reads maxBytes+1 to detect overflow without buffering the entire body. // maxBytes. It reads maxBytes+1 (clamped to avoid overflow) to detect truncation
// without buffering the entire body.
func (c *Client) doGetLimited(ctx context.Context, reqURL string, maxBytes int64) ([]byte, error) { func (c *Client) doGetLimited(ctx context.Context, reqURL string, maxBytes int64) ([]byte, error) {
const maxAttempts = 3 const maxAttempts = 3
backoff := c.RetryBackoff backoff := c.RetryBackoff
@@ -495,7 +497,12 @@ func (c *Client) doGetLimited(ctx context.Context, reqURL string, maxBytes int64
} }
if resp.StatusCode >= 200 && resp.StatusCode < 300 { if resp.StatusCode >= 200 && resp.StatusCode < 300 {
// Read up to maxBytes+1 to detect overflow. // Read up to maxBytes+1 to detect overflow.
limited := io.LimitReader(resp.Body, maxBytes+1) // Clamp to prevent integer overflow when maxBytes == math.MaxInt64.
limitBytes := maxBytes + 1
if limitBytes <= 0 {
limitBytes = math.MaxInt64
}
limited := io.LimitReader(resp.Body, limitBytes)
body, err := io.ReadAll(limited) body, err := io.ReadAll(limited)
resp.Body.Close() resp.Body.Close()
if err != nil { if err != nil {