From 788c979ad18e5375fb6b6ca0b6fb3808c9ce2920 Mon Sep 17 00:00:00 2001
From: MHSanaei
Date: Tue, 19 May 2026 12:40:18 +0200
Subject: [PATCH] fix(client): guard against int overflow in ClientWithAttachments marshal

CodeQL flagged go/allocation-size-overflow on len(rec)+len(extra) feeding make's capacity. Not exploitable in practice (both come from json.Marshal of bounded structs), but add an explicit MaxInt guard to silence the analyzer and make the precondition obvious.
---
 web/service/client.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/web/service/client.go b/web/service/client.go
index 70e9b516..d8dbb90b 100644
--- a/web/service/client.go
+++ b/web/service/client.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "math"
 "strings"
 "sync"
 "time"
@@ -47,6 +48,9 @@ func (c ClientWithAttachments) MarshalJSON() ([]byte, error) {
 if len(rec) < 2 || rec[len(rec)-1] != '}' || len(extra) <= 2 {
 return rec, nil
 }
+ if len(extra) > math.MaxInt-len(rec) {
+ return rec, nil
+ }
 out := make([]byte, 0, len(rec)+len(extra))
 out = append(out, rec[:len(rec)-1]...)
 if len(rec) > 2 {
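Review bot: The new guard in the MarshalJSON hunk returns `rec, nil` when `len(extra)` would overflow the capacity, which silently drops every attachment field from the serialized output instead of reporting the failure; a marshaler that cannot emit the full record should return an error so the caller does not persist or send a truncated client. The earlier `len(extra) <= 2` early return is a different case — there `extra` is an empty object and nothing is lost. Suggest `return nil, errors.New("client marshal: combined json length overflows int")` in place of the added `return rec, nil` (`errors` is already imported per the first hunk). MarshalJSON's signature appears only in the hunk header and its body continues after `if len(rec) > 2 {`, so the tail of the function is not visible here.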