Skip to content

Fix ENOBUFS in execGitSync for large diffs (set maxBuffer to 100MB)#25838

Merged
pelikhan merged 3 commits intomainfrom
copilot/fix-buffer-overflow-issue
Apr 11, 2026
Merged

Fix ENOBUFS in execGitSync for large diffs (set maxBuffer to 100MB)#25838
pelikhan merged 3 commits intomainfrom
copilot/fix-buffer-overflow-issue

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 11, 2026
edited
Loading

create_pull_request silently fails with "No changes to commit" when git format-patch --stdout output exceeds Node.js spawnSync's default 1 MB buffer. All three patch generation strategies hit ENOBUFS, fall through, and report a misleading "no commits found" error.

Changes

  • actions/setup/js/git_helpers.cjs: Set maxBuffer: 100 * 1024 * 1024 (100 MB) as default in spawnSync, consistent with other handlers in the codebase. Callers can still override via the options spread. Added explicit ENOBUFS detection that throws an actionable ERR_SYSTEM message instead of letting the generic spawn error propagate silently.
const result = spawnSync("git", args, {
  encoding: "utf8",
  maxBuffer: 100 * 1024 * 1024, // 100 MB — prevents ENOBUFS on large diffs
  ...spawnOptions,
});
  • actions/setup/js/git_helpers.test.cjs: Added test triggering ENOBUFS via maxBuffer: 1 to verify the error path.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw 6644286/b106/vetrev-parse ache/go/1.25.8/x--show-toplevel git rev-�� --show-toplevel ortcfg /usr/bin/git st-774488444/.gigit g/gitutil/gitutirev-parse 1/x64/bin/node git (http block)
  • https://api.github.com/orgs/test-owner/actions/secrets
    • Triggering command: /usr/bin/gh gh api /orgs/test-owner/actions/secrets --jq .secrets[].name -json 3 x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/actions/ai-inference/git/ref/tags/v1
    • Triggering command: /usr/bin/gh gh api /repos/actions/ai-inference/git/ref/tags/v1 --jq .object.sha GOMODCACHE x_amd64/vet /usr/bin/git y-frontmatter.mdgit .cfg 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linuconfig /usr/bin/git y-test.md om/google/jsonscrev-parse 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v3
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v3 --jq .object.sha /tmp/gh-aw-test-runs/20260411-200355-32799/test-3457898542/.github/workflows remote /usr/bin/git -c=4 -nolocalimports -importcfg git -C /tmp/gh-aw-test-runs/20260411-200355-32799/test-827417351/.github/workflows remote om/owner/repo.git -json GO111MODULE 64/bin/go git (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v5
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha se 6644286/b042/vet.cfg .cfg GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -o 2578719/b189/importcfg -trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p slices -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linuremote2 /usr/bin/git mpiledOutput7834git .cfg 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git 2578719/b001/exegit aqNl/Sak5XWYSYfQrev-parse ache/go/1.25.8/x--show-toplevel git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v5 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git runs/20260411-20git .cfg /opt/hostedtoolc--show-toplevel git rev-�� --show-toplevel /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git -bool -buildtags (http block)
  • https://api.github.com/repos/actions/checkout/git/ref/tags/v6
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha v1.0.0 /tmp/go-build3206644286/b438/_testmain.go /usr/bin/git g_.a /semver/semver.grev-parse x_amd64/vet git rev-�� --git-dir x_amd64/vet /usr/bin/git m/workflows DfcRFzBGz x_amd64/compile git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha add other /usr/bin/git (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/checkout/git/ref/tags/v6 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/link /usr/bin/git tutil.test /tmp/go-build320rev-parse 1/x64/bin/node git rev-�� --show-toplevel OpUI6xgANH-v6KNFAo/mFDodc1UylrbuieAM-Lz/1rKZ6KO_status /usr/bin/git orts924325404/00git /tmp/go-build320rev-parse g_.a git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v8
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v8 --jq .object.sha --show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet /usr/bin/git 15/001/test-froncut zUvD/O0MXJnxKO-H-f1 .cfg git rev-�� --show-toplevel ache/go/1.25.8/x^remote\..*\.gh-resolved$ /usr/bin/git se 6644286/b083/vetrev-parse ache/go/1.25.8/x--show-toplevel git (http block)
  • https://api.github.com/repos/actions/github-script/git/ref/tags/v9
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE x_amd64/asm GOINSECURE GOMOD GOMODCACHE x_amd64/asm env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/github-script/git/ref/tags/v9 --jq .object.sha -json 1.5.0/mcp/client-ifaceassert x_amd64/compile GOINSECURE GOMOD runtime/sys/empt-test.paniconexit0 x_amd64/compile env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • https://api.github.com/repos/actions/setup-go/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-go/git/ref/tags/v4 --jq .object.sha --get remote.origin.url /usr/bin/git repo105426189/00git til.go x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git g_.a bt7zDc9ZF x_amd64/vet git (http block)
  • https://api.github.com/repos/actions/setup-node/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/setup-node/git/ref/tags/v4 --jq .object.sha image:v1.0.0 origin /usr/bin/git repo105426189/00git GO111MODULE x_amd64/vet git rev-�� --show-toplevel x_amd64/vet /usr/bin/git m/workflows ke8fejfLv 64/pkg/tool/linu--show-toplevel git (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v4
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v4 --jq .object.sha t0 -buildtags (http block)
  • https://api.github.com/repos/actions/upload-artifact/git/ref/tags/v7
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha 0355-32799/test-1857709514/.gith@{u} -trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -p time -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet -o 0355-32799/test-1399685387/.github/workflows -trimpath 6644286/b198/vet.cfg -p net/textproto -lang=go1.25 _Z5tg45/8EaPKnw4BjZQFDGy9gT8 (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha RequiresMinIntegrity1408477468/001 6644286/b275/vet.cfg 64/pkg/tool/linux_amd64/compile -p github.com/goccyrev-parse -lang=go1.21 64/pkg/tool/linux_amd64/compile -uns�� g_.a /tmp/go-build3206644286/b014/vet.cfg 1/x64/bin/node go1.25.8 ngutil -nolocalimports /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linuremote.origin.url (http block)
    • Triggering command: /usr/bin/gh gh api /repos/actions/upload-artifact/git/ref/tags/v7 --jq .object.sha 0355-32799/test-1072176993 -trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -p crypto/hkdf -lang=go1.25 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile -uns�� api-consumption-report.md /tmp/go-build3206644286/b095/vet.cfg 1/x64/bin/node -goversion b/gh-aw/pkg/loggrev-parse -c=4 /opt/hostedtoolcache/go/1.25.8/xrepos/{owner}/{repo}/actions/runs/4/artifacts (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v0.1.2
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v0.1.2 --jq .object.sha HEAD .github/workflows/test.md /opt/hostedtoolcache/node/24.14.1/x64/bin/node ub/workflows _56Gjvce9 x_amd64/vet node /tmp�� /home/REDACTED/work/gh-aw/gh-aw/.github/workflows/ai-moderator.md x_amd64/vet /usr/bin/git b/workflows LamLkoYmy x_amd64/compile git (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.0.0 --jq .object.sha 6644286/b432/sliceutil.test -buildtags ache/node/24.14.1/x64/bin/node -errorsas -ifaceassert -nilfunc Cvvb7EpxEcmJt/BOY-j7o0lOpHVfUmYHLh/KVdc6Eu-CQtSe^remote\..*\.gh-resolved$ t-42�� bility_SameInputSameOutput186059815/001/stability-test.md --stdin 6644286/b432/_pkg_.a --exclude-hiddengit --all --quiet /opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw-actions/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw-actions/git/ref/tags/v1.2.3 --jq .object.sha /tmp/go-build3206644286/b409/_pkg_.a stmain.go ache/node/24.14.1/x64/bin/node -p main -lang=go1.25 /usr/lib/git-core/git t-27�� bility_SameInputSameOutput186059815/001/stability-test.md --revs /usr/bin/git --thin --delta-base-offrev-parse -q git (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/1/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/1/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE 2578719/b078/ GOMODCACHE 64/pkg/tool/linutest@example.com env 1072176993 GO111MODULE x_amd64/link GOINSECURE 2578719/b078/js_rev-parse ache/go/1.25.8/x--show-toplevel x_amd64/link (http block)
    • Triggering command: /usr/bin/gh gh run download 1 --dir test-logs/run-1 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/check GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2578719/b230/_pkg_.a wDwi/8TvZlM4P0nfuVfRvwDwi .cfg GOINSECURE contextprotocol/rev-parse GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12345/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12345/artifacts --jq .artifacts[].name .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/subtle GOMODCACHE 64/pkg/tool/linux_amd64/vet env thub/workflows o 64/pkg/tool/linux_amd64/compile GOINSECURE g/x/crypto/cryptrev-parse GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run download 12345 --dir test-logs/run-12345 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE 2578719/b006/ GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2578719/b193/_pkg_.a GO111MODULE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE 2578719/b006/asmrev-parse ache/go/1.25.8/x--show-toplevel ache/go/1.25.8/x64/pkg/tool/linu-trimpath (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/12346/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/12346/artifacts --jq .artifacts[].name .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env thub/workflows l_test.go ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE fips140/ed25519 GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuTest User (http block)
    • Triggering command: /usr/bin/gh gh run download 12346 --dir test-logs/run-12346 .cfg 64/pkg/tool/linu-importcfg GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/home/REDACTED/work/gh-aw/gh-aw/pkg/timeutil/format_test.go env 3383179245 -QbQ/h0mDcb4RKnBUHEwN-QbQ ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linuremote.origin.url (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/2/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/2/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linu-nolocalimports GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linu/tmp/go-build3206644286/b444/_testmain.go env 1072176993 GO111MODULE 64/pkg/tool/linux_amd64/compile GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run download 2 --dir test-logs/run-2 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE 2578719/b092/ GOMODCACHE 64/pkg/tool/linux_amd64/vet env ternal/tools/generate-action-metadata/main.go GO111MODULE .cfg GOINSECURE GOMOD 2578719/b092/sym/home/REDACTED/work/gh-aw/gh-aw/.github/workflows/artifacts-summary.md ache/go/1.25.8/x64/pkg/tool/linuremote (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/3/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/3/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2578719/b203/_pkg_.a QuTc/8J1aAAdvjhK6D-KwQuTc .cfg GOINSECURE fips140/mlkem GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run download 3 --dir test-logs/run-3 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env edcfg aMu6/n6X7R7Av3bGkLZAPaMu6 ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile GOINSECURE l GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linux_amd64/compile (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/4/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/4/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2578719/b195/_pkg_.a go .cfg GOINSECURE GOMOD GOMODCACHE ache/go/1.25.8/x64/pkg/tool/linu-importcfg (http block)
    • Triggering command: /usr/bin/gh gh run download 4 --dir test-logs/run-4 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE fips140/hmac GOMODCACHE 64/pkg/tool/linux_amd64/vet env ternal/tools/actions-build/main.-s ahb4/lZep-2MiwczJtV1iahb4 ger.test GOINSECURE GOMOD GOMODCACHE ger.test (http block)
  • https://api.github.com/repos/github/gh-aw/actions/runs/5/artifacts
    • Triggering command: /usr/bin/gh gh api --paginate repos/{owner}/{repo}/actions/runs/5/artifacts --jq .artifacts[].name GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE (http block)
    • Triggering command: /usr/bin/gh gh run download 5 --dir test-logs/run-5 GO111MODULE 64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 64/pkg/tool/linux_amd64/vet env edcfg GO111MODULE .cfg GOINSECURE l/ascii 2578719/b092/sym--show-toplevel ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path -c=4 -nolocalimports -importcfg /tmp/go-build3206644286/b411/importcfg -pack /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/fileutil.go /home/REDACTED/work/gh-aw/gh-aw/pkg/fileutil/tar.go env -json 1.5.0/internal/j-ifaceassert x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 100 GOMOD ys_wasm.s x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh run list --json databaseId,number,url,status,conclusion,workflowName,createdAt,startedAt,updatedAt,event,headBranch,headSha,displayTitle --workflow nonexistent-workflow-12345 --limit 6 b/gh-aw/pkg/typerev-parse GOMODCACHE 64/pkg/tool/linux_amd64/vet env 2578719/b155/_pkg_.a GO111MODULE aw.test GOINSECURE ntio/encoding/isconfig GOMODCACHE aw.test (http block)
  • https://api.github.com/repos/github/gh-aw/contents/.github%2Fworkflows%2Faudit-workflows.md
    • Triggering command: /opt/hostedtoolcache/node/24.14.1/x64/bin/node /opt/hostedtoolcache/node/24.14.1/x64/bin/node --experimental-import-meta-resolve --require /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/suppress-warnings.cjs --conditions node --conditions development /home/REDACTED/work/gh-aw/gh-aw/actions/setup/js/node_modules/vitest/dist/workers/forks.js Test User /git git ls-r�� origin refs/heads/fallback-branch t -bare-p52Hbe main modules/@npmcli/--require git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v0.47.4
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v0.47.4 --jq .object.sha --show-toplevel 64/pkg/tool/linux_amd64/vet /usr/bin/git 827417351/.githugit taK6/ikh7gQ1RReQrev-parse 64/pkg/tool/linu--show-toplevel git rev-�� --show-toplevel 64/pkg/tool/linux_amd64/compile /usr/bin/git g_.a 6644286/b047/vet-c x_amd64/vet git (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.0.0 --jq .object.sha 2578719/b111/_pkg_.a .cfg 64/pkg/tool/linux_amd64/link GOINSECURE b/gh-aw/pkg/strirev-parse ache/go/1.25.8/x--show-toplevel 64/pkg/tool/linux_amd64/link (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v1.2.3
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v1.2.3 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json irent.go x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v2.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env /a.out at.go x_amd64/vet GOINSECURE PKo70slof6jjiiWz-o GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE xcontext GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v2.0.0 --jq .object.sha -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • https://api.github.com/repos/github/gh-aw/git/ref/tags/v3.0.0
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw/git/ref/tags/v3.0.0 --jq .object.sha -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/vet GOINSECURE GOMOD GOMODCACHE x_amd64/vet (http block)
  • https://api.github.com/repos/nonexistent/action/git/ref/tags/v999.999.999
    • Triggering command: /usr/bin/gh gh api /repos/nonexistent/action/git/ref/tags/v999.999.999 --jq .object.sha rity1408477468/001 .cfg 64/pkg/tool/linux_amd64/vet GOINSECURE 2578719/b133/ GOMODCACHE 64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/nonexistent/repo/actions/runs/12345
    • Triggering command: /usr/bin/gh gh run view 12345 --repo nonexistent/repo --json status,conclusion GOINSECURE 2578719/b092/ ache/go/1.25.8/xuser.name 64/pkg/tool/linuTest User env 2578719/b246/_pkg_.a .cfg ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet GOINSECURE t/message/cataloinit ache/go/1.25.8/x64/src/reflect/a/tmp/TestHashConsistency_WithImports924325404/001/main.md ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet (http block)
  • https://api.github.com/repos/owner/repo/actions/workflows
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
    • Triggering command: /usr/bin/gh gh workflow list --json name,state,path --repo owner/repo -nolocalimports -importcfg /tmp/go-build3206644286/b415/importcfg -pack /tmp/go-build3206644286/b415/_testmain.go env -json ag.go x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/owner/repo/contents/file.md
    • Triggering command: /tmp/go-build3206644286/b397/cli.test /tmp/go-build3206644286/b397/cli.test -test.testlogfile=/tmp/go-build3206644286/b397/testlog.txt -test.paniconexit0 -test.v=true -test.parallel=4 -test.timeout=10m0s -test.run=^Test -test.short=true GOINSECURE GOMOD GOMODCACHE go env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • https://api.github.com/repos/test-owner/test-repo/actions/secrets
    • Triggering command: /usr/bin/gh gh api /repos/test-owner/test-repo/actions/secrets --jq .secrets[].name -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile env -json GO111MODULE x_amd64/compile GOINSECURE GOMOD GOMODCACHE x_amd64/compile (http block)
  • invalid.example.invalid
    • Triggering command: /usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git git comm�� -m lure test commit k/node_modules/.bin/git -b main ode-gyp-bin/git git conf�� user.email test@test.com /git -b feature-branch it git (dns block)
    • Triggering command: /usr/lib/git-core/git-remote-https /usr/lib/git-core/git-remote-https origin https://invalid.example.invalid/nonexistent-repo.git git comm�� -m lure test commit e_modules/.bin/git user.name Test User de_modules/.bin/-b git conf�� user.email test@test.com /git -b feature-branch 64/bin/git git (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue Apr 11, 2026 that may be closed by this pull request
safeoutputs create_pull_request fails with ENOBUFS on large diffs (spawnSync buffer overflow) #25833
Closed
Copilot AI and others added 2 commits April 11, 2026 20:24
@pelikhan
fix: prevent ENOBUFS on large diffs in execGitSync by setting maxBuff…
589ac38 
…er to 100MB

Set maxBuffer: 100 * 1024 * 1024 (100 MB) as the default in execGitSync's
spawnSync call, preventing ENOBUFS when git format-patch produces output
exceeding Node.js's default 1 MB buffer limit.

Also adds explicit ENOBUFS detection to surface an actionable error message
instead of the misleading "No changes to commit" fallback.

Closes #1612

Agent-Logs-Url: https://github.com/github/gh-aw/sessions/38d92d89-2d17-4599-b7fe-7b38765cfc33

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@pelikhan
style: use single template literal for ENOBUFS error message
fdc7edd 
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/38d92d89-2d17-4599-b7fe-7b38765cfc33

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix buffer overflow in safeoutputs create_pull_request Fix ENOBUFS in execGitSync for large diffs (set maxBuffer to 100MB) Apr 11, 2026
Copilot AI requested a review from pelikhan April 11, 2026 20:26
@pelikhan pelikhan marked this pull request as ready for review April 11, 2026 21:03
Copilot AI review requested due to automatic review settings April 11, 2026 21:03
@pelikhan pelikhan merged commit 4f0cd13 into main Apr 11, 2026
54 checks passed
@pelikhan pelikhan deleted the copilot/fix-buffer-overflow-issue branch April 11, 2026 21:04
Copilot AI reviewed Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adjusts execGitSync to avoid spawnSync buffer overflows on large git outputs and to surface clearer errors when they occur, preventing misleading “No changes to commit” fallbacks during patch generation.

Changes:

  • Set a larger default spawnSync maxBuffer (100MB) in execGitSync.
  • Add explicit handling for ENOBUFS to throw a more actionable error.
  • Add a regression test for the ENOBUFS path and a changeset entry.
Show a summary per file
File Description
actions/setup/js/git_helpers.cjs Raises default spawnSync buffer and adds explicit ENOBUFS detection with a custom error.
actions/setup/js/git_helpers.test.cjs Adds a test that forces a buffer overflow via maxBuffer: 1.
.changeset/patch-fix-create-pr-enobufs.md Documents the fix for release notes/versioning.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 3/3 changed files
  • Comments generated: 2

actions/setup/js/git_helpers.cjs
Comment on lines +75 to +77
if (result.error.code === "ENOBUFS") {
const bufferError = new Error(`${ERR_SYSTEM}: Git command output exceeded buffer limit (ENOBUFS). The output from '${args[0]}' is too large for the configured maxBuffer. Consider reducing the diff size or increasing maxBuffer.`);
bufferError.code = "ENOBUFS";
Copy link

Copilot AI Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

git_helpers.cjs is included in tsc --noEmit with checkJs: true, so bufferError is typed as Error and bufferError.code = "ENOBUFS" will fail type-checking (Property 'code' does not exist on type 'Error'). Consider typing/casting the error as NodeJS.ErrnoException (or using a small helper type) before setting .code, and optionally attach the original result.error as the cause so diagnostics aren’t lost.

Suggested change
if (result.error.code === "ENOBUFS") {
const bufferError = new Error(`${ERR_SYSTEM}: Git command output exceeded buffer limit (ENOBUFS). The output from '${args[0]}' is too large for the configured maxBuffer. Consider reducing the diff size or increasing maxBuffer.`);
bufferError.code = "ENOBUFS";
if (result.error.code === "ENOBUFS") {
/** @type {NodeJS.ErrnoException & { cause?: unknown }} */
const bufferError = new Error(`${ERR_SYSTEM}: Git command output exceeded buffer limit (ENOBUFS). The output from '${args[0]}' is too large for the configured maxBuffer. Consider reducing the diff size or increasing maxBuffer.`);
bufferError.code = "ENOBUFS";
bufferError.cause = result.error;

Copilot uses AI. Check for mistakes.
actions/setup/js/git_helpers.test.cjs
Comment on lines +87 to +89
expect(() => {
execGitSync(["--version"], { maxBuffer: 1 });
}).toThrow(/ENOBUFS|buffer limit/i);
Copy link

Copilot AI Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new test only asserts that some error message matches /ENOBUFS|buffer limit/i, which can pass even if the new actionable ENOBUFS branch doesn’t run (e.g., if Node reports a different error code/message and the original spawnSync error is thrown). To ensure the intended behavior, assert on the specific message prefix/content you construct (and/or that the thrown error has code === "ENOBUFS").

Suggested change
expect(() => {
execGitSync(["--version"], { maxBuffer: 1 });
}).toThrow(/ENOBUFS|buffer limit/i);
let thrown;
try {
execGitSync(["--version"], { maxBuffer: 1 });
} catch (error) {
thrown = error;
}
expect(thrown).toBeInstanceOf(Error);
expect(thrown.code).toBe("ENOBUFS");
expect(thrown.message).toContain("ENOBUFS");
expect(thrown.message.toLowerCase()).toContain("buffer limit");

Copilot uses AI. Check for mistakes.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 11, 2026

Hey @Copilot (on behalf of @pelikhan) 👋 — great work tracking down this subtle buffer overflow bug in execGitSync! Silently swallowing ENOBUFS and surfacing a misleading "no commits found" error is exactly the kind of thing that's hard to diagnose in production, so landing a proper fix — plus explicit error detection — is a real quality-of-life improvement.

The PR ticks all the boxes: it's tightly focused on a single root cause, includes a regression test in git_helpers.test.cjs that reproduces the failure via maxBuffer: 1, and references the originating issue (#1612). The maxBuffer: 100 MB default is consistent with other handlers in the codebase, and callers retain override capability via the options spread.

This looks ready for maintainer review. 🚀

Contribution check: 🟢 Alignedlgtm

Generated by Contribution Check · ● 2.7M ·

This was referenced Apr 11, 2026
Closed
Open
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 11, 2026

🧪 Test Quality Sentinel Report

Test Quality Score: 100/100

Excellent test quality

Metric Value
New/modified tests analyzed 1
✅ Design tests (behavioral contracts) 1 (100%)
⚠️ Implementation tests (low value) 0 (0%)
Tests with error/edge cases 1 (100%)
Duplicate test clusters 0
Test inflation detected No (9 test lines / 8 production lines = 1.13×)
🚨 Coding-guideline violations None

Test Classification Details

Test File Classification Issues Detected
should throw actionable ENOBUFS error when maxBuffer is exceeded actions/setup/js/git_helpers.test.cjs ✅ Design None

Analysis

The PR adds exactly one new test function (9 lines) to cover the ENOBUFS error path introduced in execGitSync. The test:

  1. Triggers the exact failure mode — passes maxBuffer: 1 to force the buffer overflow on real git output.
  2. Asserts on observable behavior — verifies that the thrown error message matches /ENOBUFS|buffer limit/i, confirming the actionable error message contract.
  3. Covers the error path — the entire test is an error-path scenario; no happy-path only concerns.

What design invariant does this test enforce? When spawnSync exceeds its buffer, execGitSync must throw an error with a message that includes "ENOBUFS" or "buffer limit" — making the failure diagnosable rather than cryptic.

What would break if deleted? A future refactor that accidentally drops the ENOBUFS-specific error message (e.g., letting the raw Node.js error propagate) would go undetected.

Language Support

Tests analyzed:

  • 🟨 JavaScript (*.test.cjs): 1 test (vitest)

Verdict

Check passed. 0% of new tests are implementation tests (threshold: 30%). The single new test directly exercises the behavioral contract introduced by this fix — verifying that buffer-overflow failures produce an actionable, identifiable error.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

  • Assert on observable outputs, return values, or state changes
  • Cover error paths and boundary conditions
  • Would catch a behavioral regression if deleted
  • Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

  • Assert on internal function calls (mocking internals)
  • Only test the happy path with typical inputs
  • Break during legitimate refactoring even when behavior is correct
  • Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

🧪 Test quality analysis by Test Quality Sentinel · ● 586.9K ·

github-actions[bot]
github-actions bot approved these changes Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 100/100. Test quality is excellent — 0% of new tests are implementation tests (threshold: 30%). The single new test directly enforces the ENOBUFS error-message behavioral contract introduced by this fix.

Copilot AI added a commit that referenced this pull request Apr 11, 2026
Fix ENOBUFS in execGitSync for large diffs (set maxBuffer to 100MB) (#…
a231afc 
…25838)

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

+1 more reviewer

@pelikhan pelikhan pelikhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pelikhan pelikhan

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

safeoutputs create_pull_request fails with ENOBUFS on large diffs (spawnSync buffer overflow)

3 participants

@pelikhan