fix: use checked arithmetic in TwoPartCodec to prevent integer overflow (#6959)

Signed-off-by: ShounakRay <shounak@stanford.edu>

fix: use checked arithmetic in TwoPartCodec to prevent integer overflow (#6959)
Signed-off-by: ShounakRay <shounak@stanford.edu>
64ae47fd · Shounak Ray · GitHub · 987fdcb1 · 64ae47fd
Unverified Commit 64ae47fd authored Mar 06, 2026 by Shounak Ray Committed by GitHub Mar 06, 2026
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 2 deletions

lib/runtime/src/pipeline/network/codec/two_part.rs lib/runtime/src/pipeline/network/codec/two_part.rs +14 -2

No files found.
--- a/lib/runtime/src/pipeline/network/codec/two_part.rs
+++ b/lib/runtime/src/pipeline/network/codec/two_part.rs
@@ -55,7 +55,13 @@ impl Decoder for TwoPartCodec {
        let body_len = cursor.get_u64() as usize;
        let _checksum = cursor.get_u64();
-        let total_len = 24 + header_len + body_len;
+        let total_len = 24usize
+            .checked_add(header_len)
+            .and_then(|n| n.checked_add(body_len))
+            .ok_or(TwoPartCodecError::MessageTooLarge(
+                usize::MAX,
+                self.max_message_size.unwrap_or(usize::MAX),
+            ))?;
        // Check if total_len exceeds max_message_size
        if let Some(max_size) = self.max_message_size
@@ -109,7 +115,13 @@ impl Encoder<TwoPartMessage> for TwoPartCodec {
        let header_len = item.header.len();
        let body_len = item.data.len();
-        let total_len = 24 + header_len + body_len; // 24 bytes for lengths and checksum
+        let total_len = 24usize
+            .checked_add(header_len)
+            .and_then(|n| n.checked_add(body_len))
+            .ok_or(TwoPartCodecError::MessageTooLarge(
+                usize::MAX,
+                self.max_message_size.unwrap_or(usize::MAX),
+            ))?;
        // Check if total_len exceeds max_message_size
        if let Some(max_size) = self.max_message_size