From 430ff146dd11eca32859657a02723826679805b1 Mon Sep 17 00:00:00 2001
From: algochoi <86622919+algochoi@users.noreply.github.com>
Date: Tue, 18 Apr 2023 17:44:51 -0400
Subject: [PATCH] Check for max int bounds when converting from uint

---
 daemon/algod/api/server/v2/handlers.go           |  4 ++++
 daemon/algod/api/server/v2/test/handlers_test.go | 10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/daemon/algod/api/server/v2/handlers.go b/daemon/algod/api/server/v2/handlers.go
index 7d99d91763..584a8da388 100644
--- a/daemon/algod/api/server/v2/handlers.go
+++ b/daemon/algod/api/server/v2/handlers.go
@@ -1692,6 +1692,10 @@ func (v2 *Handlers) GetBlockTimeStampOffset(ctx echo.Context) error {
 // This is only available in dev mode.
 // (POST /v2/devmode/blocks/offset/{offset})
 func (v2 *Handlers) SetBlockTimeStampOffset(ctx echo.Context, offset uint64) error {
+	if offset > math.MaxInt64 {
+		err := fmt.Errorf("block timestamp offset cannot be larger than max int64 value")
+		return badRequest(ctx, err, fmt.Sprintf(errFailedSettingTimeStampOffset, err), v2.Log)
+	}
 	err := v2.Node.SetBlockTimeStampOffset(int64(offset))
 	if err != nil {
 		return badRequest(ctx, err, fmt.Sprintf(errFailedSettingTimeStampOffset, err), v2.Log)
diff --git a/daemon/algod/api/server/v2/test/handlers_test.go b/daemon/algod/api/server/v2/test/handlers_test.go
index d4c4c03817..2c93fb1591 100644
--- a/daemon/algod/api/server/v2/test/handlers_test.go
+++ b/daemon/algod/api/server/v2/test/handlers_test.go
@@ -23,6 +23,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math"
 	"net/http"
 	"net/http/httptest"
 	"strings"
@@ -1975,7 +1976,7 @@ func TestTimestampOffsetInDevMode(t *testing.T) {
 	handler, c, rec, _, _, releasefunc := setupMockNodeForMethodGet(t, cannedStatusReportGolden, true)
 	defer releasefunc()
 
-	// TestSetBlockTimeStampOffset 404
+	// TestGetBlockTimeStampOffset 404
 	err := handler.GetBlockTimeStampOffset(c)
 	require.NoError(t, err)
 	require.Equal(t, 404, rec.Code)
@@ -1992,4 +1993,11 @@ func TestTimestampOffsetInDevMode(t *testing.T) {
 	err = handler.GetBlockTimeStampOffset(c)
 	require.NoError(t, err)
 	require.Equal(t, 200, rec.Code)
+	c, rec = newReq(t)
+
+	// TestSetBlockTimeStampOffset 400
+	err = handler.SetBlockTimeStampOffset(c, math.MaxUint64)
+	require.NoError(t, err)
+	require.Equal(t, 400, rec.Code)
+	require.Equal(t, "{\"message\":\"failed to set timestamp offset on the node: block timestamp offset cannot be larger than max int64 value\"}\n", rec.Body.String())
 }