fix(ui): clamp column width to avoid makeslice panic on huge -width #101
Merged
A user-supplied -width propagated unclamped into the side-by-side
renderer, where both truncPad (via runewidth.FillRight) and the divider
(strings.Repeat) would attempt a multi-gigabyte allocation and panic
with "makeslice: len out of range":
    structalign -diff=side -width=4611686018427387904 ./pkg
Clamp the per-side width to maxColWidth (1<<16 cells, far wider than
any real terminal) inside truncPad - making the fuzzed function total -
and once in renderSideBySide so the divider shares the bound.
Found by fuzzing during the ClusterFuzzLite integration (#99):
fuzz_trunc_pad crashed within seconds in the OSS-Fuzz container. The
bug predates #94 - the old hand-rolled loop panicked identically in
strings.Repeat. After the fix the target runs 64k+ executions clean.
Closes #100
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
What

Clamp the side-by-side column width to maxColWidth (1<<16 cells) in truncPad and renderSideBySide.

Why

A user-supplied -width flowed unclamped into the renderer; both runewidth.FillRight and the divider's strings.Repeat would attempt a multi-GB allocation:

Found by fuzzing during the ClusterFuzzLite work (#99) — fuzz_trunc_pad crashed within 5 seconds in the OSS-Fuzz container. The bug predates #94: the old hand-rolled loop panicked identically in strings.Repeat(" ", w-total).

Fix shape

- truncPad: w = min(w, maxColWidth) — the fuzzed function is now total.
- renderSideBySide: clamp once into a local width shared by the header, divider, and rows (keeps exact column geometry).

Verification

- TestTruncPadHugeWidth + TestRenderSideBySideHugeWidth reproduced the exact panic (RED) before the fix, pass after (GREEN).
- fuzz_trunc_pad in the OSS-Fuzz container: 64k+ executions / 60s, zero crashes (was: crash in <5s).
- task ci green (204 tests, lint + go-consistent 0 issues).

Closes #100
🤖 Generated with Claude Code
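
The failure and the clamp described in this PR, as an added example that is not the project's own code. padUnclamped and padClamped are hypothetical stand-ins for truncPad that count one cell per rune and use only strings.Repeat instead of runewidth.FillRight; hugeWidth is the -width value from the reproducer and assumes a 64-bit int.

```go
package main

import (
	"fmt"
	"strings"
)

// maxColWidth is the bound named in the PR (1<<16 cells).
const maxColWidth = 1 << 16

// hugeWidth is the -width value from the PR's reproducer (2^62).
const hugeWidth = 4611686018427387904

// padUnclamped is a hypothetical stand-in for the pre-fix behaviour: it
// truncates or pads s to w cells and trusts w completely. Simplification:
// one cell per rune, where the real code measures display width.
func padUnclamped(s string, w int) string {
	r := []rune(s)
	if w <= len(r) {
		if w < 0 {
			w = 0
		}
		return string(r[:w])
	}
	// With w near 2^62 this asks the runtime for a slice it cannot make.
	return s + strings.Repeat(" ", w-len(r))
}

// padClamped applies the fix shape from the PR: bound w by maxColWidth
// before any allocation depends on it, so the function is total.
func padClamped(s string, w int) string {
	if w > maxColWidth {
		w = maxColWidth
	}
	return padUnclamped(s, w)
}

// panicked runs f and reports whether it panicked.
func panicked(f func()) (did bool) {
	defer func() { did = recover() != nil }()
	f()
	return false
}

func main() {
	fmt.Println("unclamped panics:", panicked(func() { padUnclamped("x", hugeWidth) }))
	fmt.Println("clamped panics:  ", panicked(func() { padClamped("x", hugeWidth) }))
	fmt.Println("clamped length:  ", len(padClamped("x", hugeWidth)))
}
```
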