fix(tui): prevent usize to u16 overflow in interactive renderer#38
Closed
fix(tui): prevent usize to u16 overflow in interactive renderer#38
Conversation
Greptile OverviewGreptile SummaryThis PR fixes two critical safety issues: a potential usize to u16 overflow in the TUI renderer and UTF-8 boundary violations in agent mention parsing. Key Changes:
Both fixes are defensive, well-implemented, and include proper test coverage. The changes prevent potential runtime panics without altering the intended behavior. Confidence Score: 5/5
|
| Filename | Overview |
|---|---|
| src/cortex-tui/src/interactive/renderer.rs | Added saturating conversions to prevent usize to u16 overflow in required_height() calculation |
| src/cortex-agents/src/mention.rs | Added UTF-8 boundary validation with safe_slice_up_to and safe_slice_from helper functions, comprehensive test coverage included |
Sequence Diagram
sequenceDiagram
participant User
participant InteractiveWidget
participant Renderer
participant MentionParser
Note over User,MentionParser: Overflow Prevention Flow
User->>InteractiveWidget: Request widget with many items
InteractiveWidget->>InteractiveWidget: Calculate required_height()
Note over InteractiveWidget: items_count (usize) could exceed u16::MAX
InteractiveWidget->>InteractiveWidget: u16::try_from(items_count)
alt items_count > 65535
InteractiveWidget->>InteractiveWidget: Return u16::MAX
else items_count <= 65535
InteractiveWidget->>InteractiveWidget: Return items_count as u16
end
InteractiveWidget->>InteractiveWidget: saturating_add(header_height)
InteractiveWidget->>InteractiveWidget: saturating_add(search_height)
InteractiveWidget->>InteractiveWidget: saturating_add(hints_height)
InteractiveWidget->>InteractiveWidget: saturating_add(border_height)
InteractiveWidget->>Renderer: Return safe height (no overflow)
Note over User,MentionParser: UTF-8 Boundary Safety Flow
User->>MentionParser: Parse text with multibyte chars: "日本語 @general task"
MentionParser->>MentionParser: find_first_valid_mention()
MentionParser->>MentionParser: Get mention.start and mention.end
Note over MentionParser: Byte positions may not align with char boundaries
MentionParser->>MentionParser: safe_slice_up_to(text, mention.start)
alt mention.start is char boundary
MentionParser->>MentionParser: Return &text[..mention.start]
else mention.start inside multibyte char
MentionParser->>MentionParser: Search backwards for valid boundary
MentionParser->>MentionParser: Return &text[..valid_pos]
end
MentionParser->>MentionParser: safe_slice_from(text, mention.end)
alt mention.end is char boundary
MentionParser->>MentionParser: Return &text[mention.end..]
else mention.end inside multibyte char
MentionParser->>MentionParser: Search forwards for valid boundary
MentionParser->>MentionParser: Return &text[valid_pos..]
end
MentionParser->>User: Return parsed result (no panic)
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
echobt
added a commit
that referenced
this pull request
Feb 4, 2026
… prevention This PR consolidates the following fixes: - #38: Prevent usize to u16 overflow in interactive renderer - #42: Prevent usize to u16 overflow in card count displays - #58: Fix cursor positioning and underflow in selection list - #59: Fix mention popup positioning and Unicode width calculation - #60: Improve autocomplete popup positioning and width calculation - #64: Prevent underflow in dropdown navigation and scroll calculations - #66: Prevent panic in HelpBrowserState when sections empty All changes target the TUI components to improve robustness: - Added saturating casts for u16 conversions - Fixed cursor positioning calculations - Added bounds checking for empty sections - Improved Unicode width handling for popups
Contributor
Author
|
Consolidated into #69 - fix(tui): consolidated TUI fixes for overflow, positioning, and panic prevention |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #5296 - InteractiveRenderer required_height usize to u16 cast overflow.
Problem
Unchecked cast from usize to u16 can silently truncate values exceeding 65535.
Solution
Used saturating conversion with u16::MAX cap to prevent overflow.