Tighten ffi pointer bounds, sparse archive extraction, and the Windows default trust store #31581
Open
Jarred-Sumner wants to merge 8 commits into
Claude / Claude Code Review
completed
May 29, 2026 in 13m 7s
Code review found 1 potential issue
Found 5 candidates, confirmed 1. See review comments for details.
Details
| Severity | Count |
|---|---|
| 🔴 Important | 0 |
| 🟡 Nit | 1 |
| 🟣 Pre-existing | 0 |

| Severity | File:Line | Issue |
|---|---|---|
| 🟡 Nit | src/runtime/ffi/FFIObject.rs:466-468 | ptr() panics on i64::MIN byteOffset instead of throwing |
Annotations
Check warning on line 468 in src/runtime/ffi/FFIObject.rs
claude / Claude Code Review
ptr() panics on i64::MIN byteOffset instead of throwing
The negative branch still computes `-bytei64`, which overflows when `bytei64 == i64::MIN` (e.g. `ptr(buf, -Infinity)`, since `to_int64()` saturates) — in debug it panics on the negation, and in release it wraps to `i64::MIN` so `usize::try_from(...).expect("int cast")` panics. Since this PR's goal is making `ptr()` reject bad offsets gracefully, it's worth swapping `-bytei64` for `bytei64.unsigned_abs()` here too. (Pre-existing line, but adjacent to and in scope of this hardening.)
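The overflow described in this annotation, as an added Rust example (not code from the PR or from the project): the function names and the pointer arithmetic in `offset_pointer` are hypothetical, and `to_int64()` is modelled here with Rust's saturating `as` cast.

```rust
// Added illustration; all names are hypothetical, not the project's FFIObject.rs code.

/// Stand-in for a saturating double-to-int64 conversion (assumption:
/// modelled with Rust's `as` cast, which saturates at the i64 bounds).
fn to_int64_saturating(v: f64) -> i64 {
    v as i64
}

/// Magnitude of an offset computed by negation, as on the flagged line.
/// checked_neg makes the overflow observable instead of panicking.
fn magnitude_by_negation(offset: i64) -> Option<usize> {
    let negated = offset.checked_neg()?; // None for i64::MIN
    usize::try_from(negated).ok()
}

/// What a release build computes: the negation wraps back to i64::MIN.
fn release_negation(offset: i64) -> i64 {
    offset.wrapping_neg()
}

/// Hardened form: unsigned_abs cannot overflow, and every failure is an
/// Err the caller can turn into a thrown error instead of a panic.
fn offset_pointer(base: usize, offset: i64) -> Result<usize, &'static str> {
    let magnitude = usize::try_from(offset.unsigned_abs())
        .map_err(|_| "byteOffset out of range")?;
    let moved = if offset < 0 {
        base.checked_sub(magnitude)
    } else {
        base.checked_add(magnitude)
    };
    moved.ok_or("byteOffset out of range")
}

fn main() {
    let worst = to_int64_saturating(f64::NEG_INFINITY);
    println!("saturated offset: {worst}");
    println!("by negation:      {:?}", magnitude_by_negation(worst));
    println!("wrapped negation: {}", release_negation(worst));
    println!("hardened:         {:?}", offset_pointer(0x1000, worst));
    println!("ordinary offset:  {:?}", offset_pointer(0x1000, -16));
}
```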