Prevent int overflow when uploading

2025-12-26 08:13:09 -06:00 · 2021-06-14 01:46:33 +02:00 · 2021-06-14 01:46:33 +02:00 · 40c7bfc9ed
parent 42ec1fcf09
commit 40c7bfc9ed
1 changed files with 12 additions and 0 deletions
--- a/mediaapi/routing/upload.go
+++ b/mediaapi/routing/upload.go
@ -147,6 +147,18 @@ func (r *uploadRequest) doUpload(
 	//   r.storeFileAndMetadata(ctx, tmpDir, ...)
 	// before you return from doUpload else we will leak a temp file. We could make this nicer with a `WithTransaction` style of
 	// nested function to guarantee either storage or cleanup.
+
+	// should not happen, but prevents any int overflows
+	if cfg.MaxFileSizeBytes != nil && *cfg.MaxFileSizeBytes+1 <= 0 {
+		r.Logger.WithFields(log.Fields{
+			"MaxFileSizeBytes": *cfg.MaxFileSizeBytes + 1,
+		}).Error("Error while transferring file, configured max_file_size_bytes overflows int64")
+		return &util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.Unknown("Failed to upload"),
+		}
+	}
+
 	lr := io.LimitReader(reqReader, int64(*cfg.MaxFileSizeBytes)+1)
 	hash, bytesWritten, tmpDir, err := fileutils.WriteTempFile(ctx, lr, cfg.AbsBasePath)
 	if err != nil {