Guard OTLP attribute merge against allocation-size overflow #34117
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
@copilot create a helper to allocate array size to be reused on every allocation site to avoid the security warning.
Fixed in e861607. I added a reusable
Pull request overview
This PR hardens slice/map preallocation across the pkg/workflow package to avoid int overflow when computing capacity hints (e.g., len(a)+len(b)), including the originally flagged OTLP custom attribute merge path.
Changes:
- Introduce `safeAllocationCapacity(...int)` to safely sum allocation "capacity hints" and fall back to `0` on overflow.
- Replace direct `len(x)+len(y)(+n)` preallocation expressions with `safeAllocationCapacity(...)` in multiple workflow components (OTLP merge, permissions, generators, validators).
- Add unit tests covering boundary and overflow behavior for the new helper.
| File | Description |
|---|---|
| pkg/workflow/workflow_import_merge.go | Use safe capacity hint when merging imported and main job pre-steps. |
| pkg/workflow/tools.go | Guard preallocation when merging types lists in defaults application. |
| pkg/workflow/threat_detection.go | Guard map preallocation when injecting threat-detection if conditions. |
| pkg/workflow/safe_output_handlers.go | Guard map preallocation when building handler lookup map. |
| pkg/workflow/safe_jobs_needs_validation.go | Guard slice preallocation when assembling cycle descriptions. |
| pkg/workflow/run_step_sanitizer.go | Guard map preallocation when rebuilding env maps during sanitization. |
| pkg/workflow/permissions.go | Guard map preallocation when building valid permission scope set. |
| pkg/workflow/permissions_validation.go | Guard slice preallocation when building scope list for fuzzy matching. |
| pkg/workflow/observability_otlp.go | Guard OTLP custom-attributes merge map preallocation. |
| pkg/workflow/network_firewall_validation.go | Guard slice preallocation when collecting ecosystem identifiers. |
| pkg/workflow/mcp_setup_generator.go | Guard preallocation for env key list + env map during setup YAML generation. |
| pkg/workflow/known_action_credentials.go | Guard map preallocation when merging known-action env var sets. |
| pkg/workflow/domains.go | Guard slice preallocation when building default domain lists. |
| pkg/workflow/concurrency.go | Guard slice preallocation when building concurrency expression parts. |
| pkg/workflow/compiler_safe_outputs.go | Guard map/slice preallocation when merging event types. |
| pkg/workflow/compiler_jobs.go | Guard slice preallocation when inserting pre-steps into step list. |
| pkg/workflow/compiler_aw_context.go | Guard slice preallocation when injecting workflow trigger inputs. |
| pkg/workflow/compiler_activation_job.go | Guard slice preallocation when injecting if after name. |
| pkg/workflow/awf_helpers.go | Guard map preallocation when building ecosystem domain map for scripts. |
| pkg/workflow/allocation_helpers.go | Add safeAllocationCapacity helper to prevent int overflow in capacity hints. |
| pkg/workflow/allocation_helpers_test.go | Add regression tests for overflow/boundary behavior of the helper. |
Copilot's findings
```go
// safeAllocationCapacity returns the summed capacity hint when it fits in int.
// When the total would overflow, it falls back to 0 so callers can skip
// preallocation without changing correctness.
func safeAllocationCapacity(parts ...int) int {
```
Code scanning flagged an integer-overflow risk in OTLP custom attribute merging. This change hardens the allocation path so extremely large input maps cannot overflow the capacity calculation and panic during merge.
Overflow guard in OTLP attribute merging
- Replaced the `len(base) + len(override)` capacity hint in `mergeOTLPCustomAttributes` with a bounded helper.
- The helper returns the sum when it fits in `int`; otherwise it falls back to `0` so the merge remains correct without unsafe preallocation.
Focused regression coverage
- Added unit tests covering the `math.MaxInt` boundary and the overflow fallback of the helper.
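To make the helper's contract concrete, here is an added example that is not the project's code: a hypothetical reimplementation of `safeAllocationCapacity` with the described "sum or fall back to 0" behaviour, a merge routine in the shape of `mergeOTLPCustomAttributes` (name, signature and the sample attribute maps are assumptions), and a slice variant, which is the case where a wrapped negative capacity actually panics at runtime. The rejection of negative inputs is an extra guard of mine; `len()` never produces one.

```go
// Added example, not the project's code: a hypothetical reimplementation of
// the safeAllocationCapacity helper described in this PR, plus a merge
// routine in the shape of mergeOTLPCustomAttributes that uses it.
package main

import (
	"fmt"
	"math"
)

// safeAllocationCapacity sums capacity hints and returns the total when it
// fits in int. On overflow it returns 0, which tells make() to allocate
// without a size hint; the result is still correct, only preallocation is
// skipped. Negative inputs (never produced by len(), guarded anyway) also
// yield 0 rather than a negative capacity.
func safeAllocationCapacity(parts ...int) int {
	total := 0
	for _, p := range parts {
		// p > math.MaxInt-total is the overflow test written without wrapping.
		if p < 0 || p > math.MaxInt-total {
			return 0
		}
		total += p
	}
	return total
}

// mergeAttributes copies base and then override into a fresh map, so keys in
// override win. The capacity hint is bounded by safeAllocationCapacity.
func mergeAttributes(base, override map[string]string) map[string]string {
	merged := make(map[string]string, safeAllocationCapacity(len(base), len(override)))
	for k, v := range base {
		merged[k] = v
	}
	for k, v := range override {
		merged[k] = v
	}
	return merged
}

// concatSteps shows the slice form: make([]T, 0, n) panics at runtime when
// n is negative, so an unguarded len(a)+len(b) that wrapped would crash here.
func concatSteps(a, b []string) []string {
	out := make([]string, 0, safeAllocationCapacity(len(a), len(b)))
	out = append(out, a...)
	return append(out, b...)
}

func main() {
	// Constructed sample attribute maps, not taken from any real workflow.
	base := map[string]string{"service.name": "agent", "env": "dev"}
	override := map[string]string{"env": "prod", "region": "eu-west-1"}
	fmt.Println(mergeAttributes(base, override))
	fmt.Println(safeAllocationCapacity(math.MaxInt, 1)) // 0: the sum would overflow
	fmt.Println(concatSteps([]string{"checkout"}, []string{"setup", "run"}))
}
```

Because `make` treats a 0 hint as "no preallocation", the fallback costs at most a few map or slice growths; it never changes which keys end up in the merged result.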