fix: guard parseByteSize against uint64-to-int64 overflow

sangwa · claude · sangwa · commit 97ef6232221a · 2026-03-25T18:36:19.000-07:00
humanize.ParseBytes returns uint64; values above math.MaxInt64 (e.g.
"9EiB") would silently wrap to negative on the int64 cast. Now returns
a clear error instead.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/internal/config.go b/internal/config.go
@@ -3,6 +3,7 @@ package app
 import (
 	"fmt"
 	"log/slog"
+	"math"
 	"net/url"
 	"path/filepath"
 	"regexp"
@@ -336,6 +337,9 @@ func parseByteSize(s string) (int64, error) {
 	if err != nil {
 		return 0, fmt.Errorf("invalid byte size %q: %w", s, err)
 	}
+	if n > uint64(math.MaxInt64) {
+		return 0, fmt.Errorf("byte size %q overflows int64", s)
+	}
 	return int64(n), nil
 }
 
diff --git a/internal/endorsements_test.go b/internal/endorsements_test.go
@@ -474,6 +474,7 @@ func TestParseByteSize(t *testing.T) {
 		{"abc", 0, true},
 		{"-1MiB", 0, true},
 		{"-5", 0, true},
+		{"9EiB", 0, true}, // overflows int64
 	}
 
 	for _, tt := range tests {

Original file line number	Diff line number	Diff line change
`@@ -474,6 +474,7 @@ func TestParseByteSize(t *testing.T) {`
`474`	`474`	`{"abc", 0, true},`
`475`	`475`	`{"-1MiB", 0, true},`
`476`	`476`	`{"-5", 0, true},`
	`477`	`+ {"9EiB", 0, true}, // overflows int64`
`477`	`478`	`}`
`478`	`479`
`479`	`480`	`for _, tt := range tests {`