Skip to content

Fix allocation-size-overflow in buildDomainItems (CodeQL #558)#23059

Merged
pelikhan merged 3 commits intomainfrom
copilot/fix-code-scanning-alerts
Mar 26, 2026
Merged

Fix allocation-size-overflow in buildDomainItems (CodeQL #558)#23059
pelikhan merged 3 commits intomainfrom
copilot/fix-code-scanning-alerts

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 26, 2026
edited
Loading

buildDomainItems passed len(allowedDomains)+len(blockedDomains) directly to make as the capacity. On pathological inputs, this addition overflows int, producing a negative value and a runtime panic.

Change

Removed the len-based capacity preallocation entirely, replacing make([]DomainItem, 0, capacity) with a plain var items []DomainItem declaration. The slice grows naturally via append as items are added, eliminating both the overflow risk and the need for the math import.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@pelikhan
Fix CodeQL alert #558: guard against allocation-size-overflow in buil…
fcbb734 
…dDomainItems

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/802f02f3-8be9-4bc4-a55f-6ba217af09c5

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@github-actions github-actions bot mentioned this pull request Mar 26, 2026
Open
Copilot AI changed the title [WIP] Fix code scanning alert 558 Fix allocation-size-overflow in buildDomainItems (CodeQL #558) Mar 26, 2026
Copilot AI requested a review from pelikhan March 26, 2026 06:27
@pelikhan
Copy link
Copy Markdown
Collaborator

pelikhan commented Mar 26, 2026

@copilot do not preallocate with len.

@pelikhan
Remove len-based preallocation in buildDomainItems
29bb8de 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/2b975856-7afc-4697-aff2-b430bc52c9cc

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Mar 26, 2026

@copilot do not preallocate with len.

Done in 29bb8de — replaced make([]DomainItem, 0, capacity) with var items []DomainItem, removing the len-based preallocation and the math import entirely.

@pelikhan pelikhan marked this pull request as ready for review March 26, 2026 06:38
Copilot AI review requested due to automatic review settings March 26, 2026 06:38
@pelikhan pelikhan merged commit 554a932 into main Mar 26, 2026
@pelikhan pelikhan deleted the copilot/fix-code-scanning-alerts branch March 26, 2026 06:38
Copilot stopped work on behalf of pelikhan due to an error March 26, 2026 06:38
The session was cancelled by the user.
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes a potential int overflow panic in buildDomainItems when preallocating slice capacity from len(allowedDomains)+len(blockedDomains) on pathological inputs.

Changes:

  • Removes len-based capacity preallocation in buildDomainItems to avoid overflow/panic.
  • Initializes items as a nil slice and relies on append growth.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions github-actions bot mentioned this pull request Mar 26, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pelikhan pelikhan Awaiting requested review from pelikhan

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pelikhan