
fix(buffer): prevent integer overflow in grow_if_necessary#3317

Open
bobzhang wants to merge 2 commits into main from hongbo/buffer-overflow-guard

Contributor

@bobzhang bobzhang commented Mar 19, 2026

Summary

The Buffer::grow_if_necessary doubles the capacity in a loop until it meets the required size. When the current capacity exceeds Int.max_value / 2 (~1 billion), space * 2 overflows to a negative value, causing either an infinite loop or a panic when allocating with a negative size.

Fix

Add a guard: when space > 1073741823 (Int max / 2), fall back to allocating exactly the required size instead of doubling.

Test plan

  • All 96 buffer tests pass

🤖 Generated with Claude Code
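
The failure mode described in the summary above, modelled as an added Rust example (not code from this pull request or from MoonBit core). `wrapping_mul` on `i32` stands in for 32-bit `Int` wrap-around; the function names, the iteration cap, the placement of the guard inside the loop, and the negative-`required` check are assumptions of the example.

```rust
// Added illustration: capacity doubling with 32-bit signed wrap-around.
// Names and the iteration cap are hypothetical, not the project's API.

/// Int max / 2, the threshold quoted in the PR (1073741823).
const HALF_MAX: i32 = i32::MAX / 2;

/// Unguarded doubling. `wrapping_mul` reproduces two's-complement wrap-around.
/// Returns None when the loop has not terminated after `cap` doublings.
fn grow_unguarded(mut space: i32, required: i32, cap: u32) -> Option<i32> {
    let mut steps = 0;
    while space < required {
        if steps == cap {
            return None; // the real loop would spin forever here
        }
        space = space.wrapping_mul(2);
        steps += 1;
    }
    Some(space)
}

/// Guarded doubling: once doubling can no longer be represented, fall back
/// to exactly the required size. A negative `required` means the caller's
/// size computation already overflowed, so it is rejected (an assumption of
/// this example, not something the PR shows).
fn grow_guarded(mut space: i32, required: i32) -> Result<i32, &'static str> {
    if required < 0 {
        return Err("required size overflowed");
    }
    space = space.max(1); // doubling 0 would never make progress
    while space < required {
        if space > HALF_MAX {
            return Ok(required);
        }
        space *= 2; // cannot overflow: space <= HALF_MAX
    }
    Ok(space)
}

fn main() {
    // Constructed inputs: capacity already at 2^30, one more byte needed.
    let (space, required) = (1 << 30, (1 << 30) + 1);
    println!("unguarded: {:?}", grow_unguarded(space, required, 64));
    println!("guarded:   {:?}", grow_guarded(space, required));
}
```

With capacity at 2^30 the unguarded loop wraps to the minimum `i32`, then to 0, and stays at 0, which is the infinite-loop case from the summary.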



@devin-ai-integration devin-ai-integration bot left a comment


✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.


Collaborator

coveralls commented Mar 19, 2026

Pull Request Test Coverage Report for Build 3092

Details

  • 0 of 1 (0.0%) changed or added relevant line in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.006%) to 95.707%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| buffer/buffer.mbt | 0 | 1 | 0.0% |

Totals:
  • Change from base Build 3090: -0.006%
  • Covered Lines: 13777
  • Relevant Lines: 14395

💛 - Coveralls

@bobzhang bobzhang force-pushed the hongbo/buffer-overflow-guard branch 3 times, most recently from 3d70abe to 8c2657b Compare March 20, 2026 01:10
bobzhang and others added 2 commits March 20, 2026 12:10
When the buffer capacity exceeds Int max / 2, doubling would overflow.
Add a guard to fall back to the exact required size instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@bobzhang bobzhang force-pushed the hongbo/buffer-overflow-guard branch from 8c2657b to 314ea48 Compare March 20, 2026 04:10
}
// Guard against integer overflow: when space > Int max / 2 (1073741823),
// doubling would exceed 32-bit Int range. Fall back to exact allocation.
if space > 1073741823 {
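Review bot: The guard at `if space > 1073741823` only protects the doubling step; nothing in the lines shown checks that the required size itself is still a non-negative Int, so if the addition that produces it has already wrapped, the exact-allocation fallback is handed a negative size. Consider rejecting that case with an explicit error before falling back. The literal 1073741823 is also written twice (in the comment and in the condition) and hard-codes a 32-bit Int; deriving it from the Int maximum in a named constant would keep the two in sync. The coverage report lists the one added line as uncovered, so a test that reaches this branch would be worth adding.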
Collaborator


We might use a constant instead of a random number. Also the current runtime should be taken into account -> moonbitlang/moonbit-docs#1155
