
fix(volume): 🐛 use overflow-safe arithmetic in bounds checks#100

Merged
justapithecus merged 2 commits into main from andrew/fix/volume-overflow-safety
Feb 7, 2026

Conversation

@justapithecus
Owner

Summary

  • Rewrite all offset + length > limit patterns as length > limit - offset to prevent silent int64 overflow when offset is near math.MaxInt64
  • Affects 5 locations in volume.go: StageWriteAt, Commit, ReadAt, validateNoOverlaps, validateVolumeManifest
  • Add 7 overflow-specific tests exercising near-MaxInt64 values across all affected code paths

Detail

Go's int64 arithmetic wraps silently on overflow. A malformed BlockRef with Offset = math.MaxInt64 - 5, Length = 10 would cause Offset + Length to wrap to a small positive number, passing the bounds check offset + length > totalLength incorrectly.

The fix rewrites each check as length > totalLength - offset, which is overflow-safe because both offset and totalLength are validated non-negative upstream.

For validateNoOverlaps, the overlap check prevEnd > sorted[i].Offset (where prevEnd = sorted[i-1].Offset + sorted[i-1].Length) is rewritten as sorted[i-1].Length > sorted[i].Offset - sorted[i-1].Offset, safe because the slice is sorted in ascending offset order.

Test plan

  • All 7 new overflow tests pass
  • All existing Volume tests still pass
  • golangci-lint clean

🤖 Generated with Claude Code
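
The two rewritten checks described in the Summary and Detail above, as an added Go example that is not code from this PR or from the project. BlockRef, withinNaive, withinSafe, firstOverlapNaive and firstOverlapSafe are constructed stand-ins (the field names Offset and Length follow the PR text); the sample values are constructed to match the near-MaxInt64 scenario the PR describes, and the pre-fix and post-fix forms are placed side by side so the wrap-around is observable.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// BlockRef is a constructed stand-in with the two fields the PR text names.
type BlockRef struct {
	Offset int64
	Length int64
}

// withinNaive is the pre-fix shape of the bounds check: offset + length > limit.
// When offset is near math.MaxInt64 the sum wraps to a negative value, the
// comparison is false, and an out-of-range block is accepted.
func withinNaive(offset, length, limit int64) bool {
	return !(offset+length > limit)
}

// withinSafe is the post-fix shape: length > limit - offset. With offset and
// limit both non-negative the subtraction cannot overflow; a block starting
// past the limit yields a negative right-hand side and is rejected.
func withinSafe(offset, length, limit int64) bool {
	// The PR relies on these being validated upstream; enforced here so the
	// function is safe to call on its own.
	if offset < 0 || length < 0 || limit < 0 {
		return false
	}
	return !(length > limit-offset)
}

// sortedByOffset returns a copy of refs in ascending Offset order, the
// precondition both overlap checks below depend on.
func sortedByOffset(refs []BlockRef) []BlockRef {
	s := append([]BlockRef(nil), refs...)
	sort.Slice(s, func(i, j int) bool { return s[i].Offset < s[j].Offset })
	return s
}

// firstOverlapNaive uses prevEnd = prev.Offset + prev.Length and flags an
// overlap when prevEnd > cur.Offset. Returns the index of the first block that
// overlaps its predecessor, or -1. The addition can wrap and hide an overlap.
func firstOverlapNaive(refs []BlockRef) int {
	sorted := sortedByOffset(refs)
	for i := 1; i < len(sorted); i++ {
		prevEnd := sorted[i-1].Offset + sorted[i-1].Length
		if prevEnd > sorted[i].Offset {
			return i
		}
	}
	return -1
}

// firstOverlapSafe uses the rewritten form prev.Length > cur.Offset - prev.Offset.
// Because the slice is sorted ascending, the difference is non-negative and
// cannot overflow.
func firstOverlapSafe(refs []BlockRef) int {
	sorted := sortedByOffset(refs)
	for i := 1; i < len(sorted); i++ {
		if sorted[i-1].Length > sorted[i].Offset-sorted[i-1].Offset {
			return i
		}
	}
	return -1
}

func main() {
	const totalLength int64 = 100
	// Constructed malformed ref: the PR's own scenario.
	bad := BlockRef{Offset: math.MaxInt64 - 5, Length: 10}
	fmt.Println("naive accepts out-of-range block:", withinNaive(bad.Offset, bad.Length, totalLength))
	fmt.Println("safe accepts out-of-range block: ", withinSafe(bad.Offset, bad.Length, totalLength))

	// Constructed pair of overlapping refs near the top of the int64 range.
	refs := []BlockRef{
		{Offset: math.MaxInt64 - 2, Length: 1},
		{Offset: math.MaxInt64 - 5, Length: 10},
	}
	fmt.Println("naive overlap index:", firstOverlapNaive(refs))
	fmt.Println("safe overlap index: ", firstOverlapSafe(refs))
}
```

The naive form accepts the malformed block and reports no overlap for the second pair; the rewritten form rejects the block and reports the overlap at index 1. withinSafe also rejects negative inputs itself rather than assuming upstream validation, which is the check to keep if the helper is ever called from a path the manifest validator does not cover.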

justapithecus and others added 2 commits February 6, 2026 16:12
Rewrite all `offset + length > limit` patterns as `length > limit - offset`
to prevent silent int64 overflow when offset is near math.MaxInt64. Affects
5 locations: StageWriteAt, Commit, ReadAt, validateNoOverlaps, and
validateVolumeManifest.

Add 7 tests exercising near-MaxInt64 values across all affected code paths.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…heck

The test asserts no overlap (non-overlapping blocks), so the name
"Detected" was misleading. Comments also described block order
backwards and mischaracterized the overflow risk as missed detection
rather than false-positive detection.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@justapithecus justapithecus merged commit ac7f303 into main Feb 7, 2026
5 checks passed
@justapithecus justapithecus deleted the andrew/fix/volume-overflow-safety branch February 7, 2026 00:23