harden server — startup, shutdown, overflow guards#91
Merged
- replace .expect() on address parsing with graceful eprintln + exit(1)
- clamp Duration::as_millis() to i64::MAX in AOF expire_ms fields
- add 30s shutdown timeout so hung connections don't block exit
- fix gossip port arithmetic: checked_add at startup, saturating_add in internal paths, fix hardcoded 10000 in cluster_meet to use configured gossip_port_offset
- add truncated snapshot test covering partial-read detection
kacy added a commit that referenced this pull request on Feb 19, 2026
summary

- replace `.expect()` calls on address parsing in main.rs with graceful `eprintln!` + `exit(1)`, matching the pattern used everywhere else in the file
- clamp `Duration::as_millis()` (u128) to `i64::MAX` before casting to i64 in AOF expire_ms fields — prevents silent sign corruption on extremely large TTLs
- `checked_add` validation at startup, `saturating_add` for internal paths, and fix `cluster_meet` which hardcoded `10000` instead of using the configured `--cluster-port-offset`

what was tested

- `cargo test -p emberkv-core -p ember-persistence -p ember-server -p ember-cluster` — 467 tests pass
- `cargo clippy --workspace -- -D warnings` — clean

design considerations

- `cluster_meet` hardcoded port offset was a real bug: if a user ran with `--cluster-port-offset 20000`, MEET commands would try to connect on the wrong gossip port. now uses `self.gossip_port_offset` with `checked_add` and returns an error frame on overflow.
- `saturating_add` is used for startup paths (already validated in main.rs) rather than `checked_add` to keep the code simple where overflow is already ruled out.
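The three guards the description lists (graceful address parsing instead of `.expect()`, clamping a `u128` millisecond count before it becomes an `i64` field, and `checked_add` versus `saturating_add` for the gossip port) in one stand-alone Rust example. This is added illustration, not code from this pull request or from the ember crates; the function names (`expire_ms_clamped`, `gossip_addr`, `gossip_port_saturating`), the `String` error type and the sample addresses are assumptions chosen for the example.

```rust
use std::net::SocketAddr;
use std::time::Duration;

/// TTL -> AOF expire_ms field, saturating at i64::MAX.
/// `Duration::as_millis()` is u128; a bare `as i64` on a value above
/// i64::MAX keeps only the low 64 bits and can come back negative, which a
/// reader of the AOF would interpret as an already-expired or invalid TTL.
pub fn expire_ms_clamped(ttl: Duration) -> i64 {
    let ms = ttl.as_millis();
    if ms > i64::MAX as u128 {
        i64::MAX
    } else {
        ms as i64
    }
}

/// The unguarded conversion, kept only to show the failure mode the clamp
/// prevents (returns -1 for a TTL of u64::MAX milliseconds).
pub fn expire_ms_unguarded(ttl: Duration) -> i64 {
    ttl.as_millis() as i64
}

/// Startup-path port derivation: the operator-supplied offset has already
/// been range-checked, so saturating arithmetic is acceptable here and keeps
/// the call site simple.
pub fn gossip_port_saturating(client_port: u16, offset: u16) -> u16 {
    client_port.saturating_add(offset)
}

/// Request-path port derivation (e.g. handling a MEET for a peer address):
/// the peer port is not pre-validated, so overflow must surface as an error
/// the caller can turn into an error reply instead of a wrong port.
pub fn gossip_port_checked(client_port: u16, offset: u16) -> Result<u16, String> {
    client_port.checked_add(offset).ok_or_else(|| {
        format!("gossip port overflow: {} + {} exceeds u16", client_port, offset)
    })
}

/// Parse a peer "host:port" string and derive its gossip address using the
/// configured offset (hypothetical helper; `offset` plays the role of the
/// configured `gossip_port_offset`). Parse failures and port overflow are
/// returned as `Err`, so a caller can report them instead of panicking via
/// `.expect()`.
pub fn gossip_addr(peer: &str, offset: u16) -> Result<SocketAddr, String> {
    let addr: SocketAddr = peer
        .parse()
        .map_err(|e| format!("invalid peer address '{}': {}", peer, e))?;
    let port = gossip_port_checked(addr.port(), offset)?;
    Ok(SocketAddr::new(addr.ip(), port))
}

fn main() {
    // Constructed sample inputs.
    let huge = Duration::from_millis(u64::MAX);
    println!("unguarded: {}", expire_ms_unguarded(huge)); // -1 (sign corruption)
    println!("clamped:   {}", expire_ms_clamped(huge)); // i64::MAX

    match gossip_addr("127.0.0.1:6379", 10000) {
        Ok(a) => println!("gossip addr: {}", a),
        Err(e) => eprintln!("{}", e),
    }
    // Startup-style handling of a bad address: report and exit, no panic.
    if let Err(e) = gossip_addr("not-an-address", 10000) {
        eprintln!("{}", e);
        // std::process::exit(1) would go here in a real main.
    }
    if let Err(e) = gossip_addr("10.0.0.1:60000", 10000) {
        eprintln!("{}", e); // overflow surfaced, not silently wrapped
    }
}
```

The checked variant belongs wherever the inputs come from a peer or a client; the saturating variant is only appropriate after the values have been validated once, which is the split the description draws between request paths and startup.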