fix(tui): prevent underflow in dropdown navigation and scroll calculations#64
Closed
fix(tui): prevent underflow in dropdown navigation and scroll calculations#64
Conversation
Fixes #5292 and #5293 - ToolResponseStore memory issues. Problem: 1. Store grows without limit 2. Consumed responses not removed Solution: - Added ToolResponseStore with configurable max size (default: 500 entries) - Entries are removed when consumed via take() method (#5293) - Automatic periodic cleanup of expired entries based on TTL - Eviction of oldest entries when capacity is reached (#5292) Features: - MAX_STORE_SIZE constant (500) to prevent unbounded growth - DEFAULT_TTL (5 minutes) for automatic expiration - CLEANUP_INTERVAL (1 minute) for periodic cleanup - get() for peeking without removal - take() for consuming and removing entries - cleanup_expired() and cleanup_read() for manual cleanup - Stats tracking for monitoring store behavior
- server.rs: Hold write lock during entire state check and modification in handle_initialize to prevent concurrent initialization races - registry.rs: Use HashMap entry API to atomically check-and-insert plugin registration to prevent duplicate registration races Fixes #5262, #5260
Fixes bypass attempts where blocked commands like 'rm -rf' could be evaded using: - Extra whitespace: 'rm -rf' → 'rm -rf' - Quoted parts: "'rm' -rf" → 'rm -rf' - Path variants: '/bin/rm -rf' → 'rm -rf' Added normalize_command() function that: 1. Collapses whitespace by splitting/joining 2. Strips surrounding quotes from command parts 3. Extracts basename for command (first part) Also added comprehensive tests for bypass scenarios.
- Fix #5181: validate_path_safety() now checks path components instead of substring match, preventing false positives for filenames like 'file..txt' - Fix #5183: expand_tilde() now handles bare '~' path in addition to '~/' prefix - Updated tests to verify correct behavior
Fixes #5208, #5210, #5244 - Session storage error handling improvements. Changes: - list_sessions: Now properly collects and reports IO errors instead of silently ignoring them. Returns available sessions while logging errors for failed ones. - SessionManager: Only updates in-memory state after successful storage operations. If storage fails, the session is marked as modified for later retry. - Default impl: Improved panic message to help diagnose initialization failures (permissions, disk space).
…tions Fixes #5182, #5180, #5176 - Add guard for max_visible=0 in dropdown select_next/select_prev - Use saturating_sub in scroll.ensure_visible to prevent underflow - Add bounds checking in scrollable_dropdown visible_items - Guard against max_visible=0 in select_next/select_prev/calculate_scroll_offset
Greptile OverviewGreptile SummaryThis PR fixes critical underflow and division-by-zero issues in TUI dropdown navigation (fixes #5182, #5180, #5176) along with several other robustness improvements across the codebase. Key ChangesTUI Dropdown Fixes (Core Issue)
Additional Robustness Improvements
Confidence Score: 5/5
|
| Filename | Overview |
|---|---|
| src/cortex-tui-components/src/dropdown.rs | Added max_visible == 0 guard in select_next/select_prev to prevent division by zero |
| src/cortex-tui-components/src/scroll.rs | Added visible == 0 guard and nested saturating_sub in ensure_visible to prevent underflow |
| src/cortex-tui/src/widgets/scrollable_dropdown.rs | Fixed visible_items() with .get(), added max_visible == 0 guards, and used nested saturating_sub throughout |
| src/cortex-engine/src/tools/response_store.rs | New bounded storage for tool responses with TTL, capacity limits, and automatic cleanup (fixes #5292, #5293) |
| src/cortex-engine/src/validation.rs | Added normalize_command function to prevent validation bypass via whitespace, quotes, or path variants |
| src/cortex-mcp-server/src/server.rs | Fixed TOCTOU race in handle_initialize by holding write lock during check-and-set |
| src/cortex-plugins/src/registry.rs | Fixed TOCTOU race in plugin registration using HashMap entry API for atomic check-and-insert |
| src/cortex-tui/src/session/manager.rs | Enhanced error handling in add_tokens, pop_last_exchange, and add_message_internal with rollback on failure |
Sequence Diagram
sequenceDiagram
participant User
participant TUI as TUI Component
participant Dropdown as Dropdown/Scroll
participant State as State Manager
Note over User,State: Dropdown Navigation Flow (Fixed)
User->>TUI: Press Up/Down Key
TUI->>Dropdown: select_next() / select_prev()
Dropdown->>Dropdown: Check max_visible == 0 guard
alt max_visible is 0
Dropdown-->>TUI: Return early (no crash)
else max_visible > 0
Dropdown->>Dropdown: Calculate new selected index
Dropdown->>State: ensure_visible(index)
State->>State: Check visible == 0 guard
alt visible is 0
State-->>Dropdown: Return early (no crash)
else visible > 0
State->>State: Calculate offset with saturating_sub
Note over State: offset = index.saturating_sub(visible.saturating_sub(1))
State-->>Dropdown: Offset updated safely
end
Dropdown-->>TUI: Selection updated
end
TUI->>User: UI updates without panic
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
echobt
added a commit
that referenced
this pull request
Feb 4, 2026
… prevention This PR consolidates the following fixes: - #38: Prevent usize to u16 overflow in interactive renderer - #42: Prevent usize to u16 overflow in card count displays - #58: Fix cursor positioning and underflow in selection list - #59: Fix mention popup positioning and Unicode width calculation - #60: Improve autocomplete popup positioning and width calculation - #64: Prevent underflow in dropdown navigation and scroll calculations - #66: Prevent panic in HelpBrowserState when sections empty All changes target the TUI components to improve robustness: - Added saturating casts for u16 conversions - Fixed cursor positioning calculations - Added bounds checking for empty sections - Improved Unicode width handling for popups
Contributor
Author
|
Consolidated into #69 - fix(tui): consolidated TUI fixes for overflow, positioning, and panic prevention |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #5182, #5180, #5176 - Dropdown underflow and panic issues.
Problems
Solution
Added guards for zero values and used saturating arithmetic.
Changes
max_visible=0inselect_next/select_prevvisible=0and usedsaturating_subinensure_visiblevisible_items()to handle edge cases safely with.get()max_visible=0guard inselect_next/select_prev/calculate_scroll_offsetsaturating_subto prevent underflow