fix(client): guard against int overflow in ClientWithAttachments marshal

CodeQL flagged go/allocation-size-overflow on len(rec)+len(extra) feeding make's capacity. Not exploitable in practice (both come from json.Marshal of bounded structs), but add an explicit MaxInt guard to silence the analyzer and make the precondition obvious.
2026-05-26 15:13:29 +00:00 · 2026-05-19 12:40:18 +02:00
parent 66f946ee54
commit 788c979ad1
1 changed files with 4 additions and 0 deletions
--- a/web/service/client.go
+++ b/web/service/client.go
@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 	"strings"
 	"sync"
 	"time"
@@ -47,6 +48,9 @@ func (c ClientWithAttachments) MarshalJSON() ([]byte, error) {
 	if len(rec) < 2 || rec[len(rec)-1] != '}' || len(extra) <= 2 {
 		return rec, nil
 	}
+	if len(extra) > math.MaxInt-len(rec) {
+		return rec, nil
+	}
 	out := make([]byte, 0, len(rec)+len(extra))
 	out = append(out, rec[:len(rec)-1]...)
 	if len(rec) > 2 {