mime/multipart: multipart.Reader.readForm fails if you pass math.MaxInt64 because of overflow #58384

@System-Glitch

What version of Go are you using (go version)?

$ go version
go version go1.20 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/[redacted]/.cache/go-build"
GOENV="/home/[redacted]/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/[redacted]/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/[redacted]/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3274595099=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Following this issue: #40430 and this commit: 5246fa5

The issue still occurs if the part filename is empty. No error is returned; the part is added to the form with a length of 0.

// mime/multipart/formdata.go#L68
if filename == "" {
	// value, store as string in memory
	n, err := io.CopyN(&b, p, maxValueBytes+1) // Overflow here
	//...
}

Current workaround is to pass math.MaxInt64 - 1 as the maxMemory parameter.

Demo: https://go.dev/play/p/-GM_8eG1ylb

What did you expect to see?

I would expect the file to be read correctly.

What did you see instead?

The operation failed silently and the file was added to the form with a size of 0 bytes.
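
The silent truncation reported above can be reproduced in isolation. This is an added example, not code from the issue or from the Go standard library: `copyValue`, `copyValueGuarded` and `sample` are hypothetical names, and the saturating guard is one possible mitigation, not necessarily the fix the Go project applied.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"math"
	"strings"
)

const sample = "constructed form value" // constructed sample input

// copyValue mirrors the call quoted in the issue: it reads limit+1 bytes so a
// caller could tell "exactly at the limit" from "too large". (Hypothetical helper.)
func copyValue(src io.Reader, maxValueBytes int64) (int64, error) {
	var b bytes.Buffer
	// With maxValueBytes == math.MaxInt64 the sum wraps to math.MinInt64.
	// io.CopyN then reads through a LimitReader whose N <= 0, which reports EOF
	// immediately; 0 is not less than the negative n, so no error is set either.
	n, err := io.CopyN(&b, src, maxValueBytes+1)
	if err != nil && err != io.EOF {
		return n, err
	}
	return n, nil
}

// copyValueGuarded saturates the limit at math.MaxInt64 instead of wrapping.
func copyValueGuarded(src io.Reader, maxValueBytes int64) (int64, error) {
	limit := maxValueBytes
	if limit < math.MaxInt64 {
		limit++
	}
	var b bytes.Buffer
	n, err := io.CopyN(&b, src, limit)
	if err != nil && err != io.EOF {
		return n, err
	}
	return n, nil
}

func main() {
	for _, max := range []int64{math.MaxInt64, math.MaxInt64 - 1} {
		n, err := copyValue(strings.NewReader(sample), max)
		g, gerr := copyValueGuarded(strings.NewReader(sample), max)
		fmt.Printf("max=%d wrapped: n=%d err=%v | guarded: n=%d err=%v\n", max, n, err, g, gerr)
	}
}
```

Any size check that compares the returned count against the limit passes on the wrapped path, so the zero-length result has to be caught by guarding the addition itself.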

Labels: FrozenDueToAge; NeedsFix (the path to resolution is known, but the work has not been done)