From 56a0ea44cf7690ec012e1061677c9f9404d06d0b Mon Sep 17 00:00:00 2001
From: kolaente
Date: Wed, 4 Feb 2026 19:48:05 +0100
Subject: [PATCH] fix(backgrounds): avoid integer overflow in max size calculation

Keep maxSize as uint64 and cast safely when comparing with resp.ContentLength to avoid potential integer overflow.
---
 pkg/modules/background/unsplash/unsplash.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/modules/background/unsplash/unsplash.go b/pkg/modules/background/unsplash/unsplash.go
index ca5432d87..cb65bee70 100644
--- a/pkg/modules/background/unsplash/unsplash.go
+++ b/pkg/modules/background/unsplash/unsplash.go
@@ -281,19 +281,19 @@ func (p *Provider) Set(s *xorm.Session, image *background.Image, project *models
 	log.Debugf("Pinged unsplash download endpoint for photo %s", image.ID)
 	// Enforce max file size to prevent OOM from unexpectedly large responses
-	maxSize := int64(config.GetMaxFileSizeInMBytes() * 1024 * 1024)
-	if resp.ContentLength > maxSize {
+	maxSize := config.GetMaxFileSizeInMBytes() * 1024 * 1024
+	if resp.ContentLength > 0 && uint64(resp.ContentLength) > maxSize {
 		return files.ErrFileIsTooLarge{Size: uint64(resp.ContentLength)}
 	}
 	// Buffer the response body so we have a seekable reader for S3 uploads.
 	// Use LimitReader as a safety net in case Content-Length was missing or inaccurate.
-	limitedReader := io.LimitReader(resp.Body, maxSize+1)
+	limitedReader := io.LimitReader(resp.Body, int64(maxSize)+1) // #nosec G115 -- maxSize is configured, not user input
 	bodyBytes, err := io.ReadAll(limitedReader)
 	if err != nil {
 		return err
 	}
-	if int64(len(bodyBytes)) > maxSize {
+	if uint64(len(bodyBytes)) > maxSize {
 		return files.ErrFileIsTooLarge{Size: uint64(len(bodyBytes))}
 	}
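Review bot: The `// #nosec G115` on the new `limitedReader` line silences the one conversion that can still overflow after this change: if the configured MiB value ever made `maxSize` exceed `math.MaxInt64`, `int64(maxSize)+1` wraps negative and `io.LimitReader` returns EOF on the first read, so an empty body would be accepted silently (a fail-open) instead of the download being rejected. A setting that large is unrealistic, but a clamp placed before that line removes the need for the suppression and the reasoning behind it: `if maxSize > math.MaxInt64-1 { maxSize = math.MaxInt64 - 1 }`, after which the `#nosec` comment can be dropped; a why-comment such as `// clamp so int64(maxSize)+1 below cannot wrap negative` would make the intent clear to the next reader. The `resp.ContentLength > 0` guard on the first check correctly avoids the -1 (unknown length) to uint64 wrap, and the final `uint64(len(bodyBytes)) > maxSize` check is what actually enforces the limit when Content-Length is absent or wrong, so the three checks are consistent. This needs `math` in the file's imports, which are not visible here; `Set` begins and continues outside this hunk.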