@echobt echobt commented Feb 4, 2026

Summary

Fixes #5185 - git_info.rs uses unchecked narrowing casts.

Problem

Several type conversions can silently truncate large values.

Solution

Applied saturating conversions to prevent silent truncation.

greptile-apps bot commented Feb 4, 2026

Greptile Overview

Greptile Summary

Applied saturating type conversions across three modules to prevent overflow and panic scenarios when converting between usize, u32, and u16 types, and when slicing UTF-8 strings.

Key Changes:

  • git_info.rs: Replaced direct as u32 casts with .min(u32::MAX as usize) as u32 for counting git changes, untracked files, and stash indices
  • renderer.rs: Used u16::try_from().unwrap_or(u16::MAX) and saturating_add for UI height calculations to prevent overflow in terminal rendering
  • mention.rs: Added safe_slice_up_to and safe_slice_from helper functions to validate UTF-8 boundaries before slicing, preventing panics with multi-byte characters (emojis, CJK text, etc.)

The changes follow Rust safety best practices by ensuring operations clamp to maximum values rather than silently truncating or panicking. The mention.rs changes include comprehensive test coverage for UTF-8 edge cases.

Confidence Score: 5/5

  • This PR is safe to merge with no concerns
  • All changes correctly implement saturating conversions to prevent overflow. The code follows Rust best practices, includes comprehensive test coverage for UTF-8 edge cases, and only affects type safety without changing business logic
  • No files require special attention

Important Files Changed

| Filename | Overview |
| --- | --- |
| src/cortex-engine/src/git_info.rs | Applied saturating casts to prevent overflow when counting git changes and stash indices |
| src/cortex-tui/src/interactive/renderer.rs | Used try_from with saturating addition to safely handle height calculations and prevent u16 overflow |
| src/cortex-agents/src/mention.rs | Added UTF-8 boundary validation helpers and comprehensive tests to prevent panics when slicing strings with multi-byte characters |

Sequence Diagram

sequenceDiagram
    participant User
    participant GitInfo
    participant TUI
    participant MentionParser
    
    Note over GitInfo,MentionParser: Overflow Prevention Flow
    
    User->>GitInfo: Get repository status
    GitInfo->>GitInfo: Count changed files (usize)
    GitInfo->>GitInfo: Apply .min(u32::MAX as usize) as u32
    GitInfo-->>User: Return safe u32 count
    
    User->>GitInfo: List stashes
    GitInfo->>GitInfo: Enumerate stashes (usize)
    GitInfo->>GitInfo: Apply i.min(u32::MAX as usize) as u32
    GitInfo-->>User: Return safe u32 index
    
    User->>TUI: Calculate widget height
    TUI->>TUI: Get items_count (usize)
    TUI->>TUI: Apply u16::try_from().unwrap_or(u16::MAX)
    TUI->>TUI: Use saturating_add for height components
    TUI-->>User: Return safe u16 height
    
    User->>MentionParser: Parse mention with UTF-8 text
    MentionParser->>MentionParser: Check is_char_boundary(pos)
    alt Invalid boundary
        MentionParser->>MentionParser: Find nearest valid boundary
    end
    MentionParser-->>User: Return valid string slice

@greptile-apps greptile-apps bot left a comment

3 files reviewed, no comments
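
The three patterns named in the review summary above, as an added example that is not code from this PR or from the review bot. The helper bodies are assumptions (the page names `safe_slice_up_to` and `safe_slice_from` but does not show them; rounding down for the prefix and up for the suffix is a choice made here), `widget_height` is hypothetical, and the inputs are constructed.

```rust
/// Narrow usize to u32 as the summary describes: clamp first, then cast.
fn saturating_u32(n: usize) -> u32 {
    n.min(u32::MAX as usize) as u32
}

/// Narrow usize to u16, saturating when the value does not fit.
fn saturating_u16(n: usize) -> u16 {
    u16::try_from(n).unwrap_or(u16::MAX)
}

/// Hypothetical height calculation: item rows plus border rows, never wrapping.
fn widget_height(items_count: usize, border_rows: u16) -> u16 {
    saturating_u16(items_count).saturating_add(border_rows)
}

/// Return s[..pos], moving pos down to the previous char boundary if needed.
fn safe_slice_up_to(s: &str, pos: usize) -> &str {
    let mut end = pos.min(s.len());
    while !s.is_char_boundary(end) {
        end -= 1; // terminates: index 0 is always a boundary
    }
    &s[..end]
}

/// Return s[pos..], moving pos up to the next char boundary if needed.
fn safe_slice_from(s: &str, pos: usize) -> &str {
    let mut start = pos.min(s.len());
    while !s.is_char_boundary(start) {
        start += 1; // terminates: s.len() is always a boundary
    }
    &s[start..]
}

fn main() {
    // Constructed inputs. A bare `as` cast keeps only the low bits.
    let rows: usize = 70_000;
    println!("as u16: {}  saturating: {}", rows as u16, saturating_u16(rows));
    println!("as u32: {}  saturating: {}", usize::MAX as u32, saturating_u32(usize::MAX));
    println!("height: {}", widget_height(rows, 4));

    // Byte 6 falls inside the two-byte 'ö'; &text[..6] would panic.
    let text = "hi @b\u{f6}b \u{1F642}";
    println!("{:?} | {:?}", safe_slice_up_to(text, 6), safe_slice_from(text, 6));
}
```
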

echobt added a commit that referenced this pull request Feb 4, 2026
…ng operations

This PR consolidates the following numeric safety fixes:
- #39: Use saturating casts in git_info to prevent overflow
- #40: Use saturating casts for token counts in streaming
- #41: Use saturating subtraction to prevent underflow in compaction

All changes use saturating arithmetic operations:
- Replaced direct casts with saturating_sub and try_into
- Prevents panic on numeric overflow/underflow conditions

echobt commented Feb 4, 2026

Consolidated into #71 - fix: consolidated numeric overflow/underflow prevention with saturating operations

@echobt echobt closed this Feb 4, 2026