Skip to content

fix: char-boundary-safe truncation in reader quotes and activity/history (crashes on multibyte)#115

Merged
bhekanik merged 1 commit into
mainfrom
fix/multibyte-cli-panics
Jul 11, 2026
Merged

fix: char-boundary-safe truncation in reader quotes and activity/history (crashes on multibyte)#115
bhekanik merged 1 commit into
mainfrom
fix/multibyte-cli-panics

Conversation

@bhekanik

@bhekanik bhekanik commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Problem

Three byte-index panics on multibyte input (mail-derived or user-typed):

  1. reader quotes.rs extract_from_on_wrote: rfind("wrote:") offset came from a to_lowercase() copy but sliced the ORIGINAL header; to_lowercase() can change byte length (İ U+0130 grows) → slice off a char boundary → panic rendering a quoted reply.
  2. activity activity.rs: &t[..t.len().min(12)] byte-sliced a mail-derived target_id (IDN email, unicode snippet) → panic in mxr activity.
  3. activity/history duration parse: split_at(len-1) on a multibyte unit (3日, ) → panic.

Fix

  1. Locate "wrote:" (ASCII) as a byte offset in the original via windows().rposition(|w| w.eq_ignore_ascii_case(b"wrote:")) — ASCII match start is a valid char boundary; original case preserved.
  2. t.chars().take(12).collect().
  3. let unit = s.chars().last()?; &s[..s.len() - unit.len_utf8()] (the char-safe idiom already used in senders.rs); non-ASCII unit → clean parse error, no panic.
    Regression test per bug (İ×7, 3日/, IDN target_id). reader (6) + mxr activity/history (16) tests pass; clippy clean.

CI note: workspace clippy red on pre-existing 1.97 lints until #111 merges; will rebase.


Summary by cubic

Fixes crashes caused by multibyte characters by making quote detection and activity/history truncation and parsing char-boundary safe. Unicode names, IDN emails, and non-ASCII duration units no longer crash the CLI.

  • Bug Fixes
    • Reader quotes: find "wrote:" with an ASCII-insensitive byte scan on the original header to avoid invalid indices from to_lowercase(); preserves the original case.
    • Activity list: truncate target_id with chars().take(12) to avoid cutting inside a multibyte character.
    • Activity/History durations: peel the last character safely and match ASCII units (s/m/h/d/w); non-ASCII units now return a clean error instead of panicking.

Written for commit 603f172. Summary will update on new commits.

Review in cubic

@vercel

vercel Bot commented Jul 11, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
mxr-mail Ready Ready Preview, Comment Jul 11, 2026 2:12am

@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@bhekanik, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 30 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 95a9f144-92e9-49e4-9f96-6b0845f8be3e

📥 Commits

Reviewing files that changed from the base of the PR and between c9b2f59 and 603f172.

📒 Files selected for processing (3)
  • crates/daemon/src/commands/activity.rs
  • crates/daemon/src/commands/history.rs
  • crates/reader/src/quotes.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/multibyte-cli-panics

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 3 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="crates/daemon/src/commands/activity.rs">

<violation number="1" location="crates/daemon/src/commands/activity.rs:193">
P2: Large relative-duration inputs can panic or produce a wrapped timestamp because each unit conversion multiplies `n` unchecked. Return `None` on overflow so `parse_time_input` reports invalid input instead.</violation>
</file>

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

Comment on lines +193 to 200
's' => n * 1_000,
'm' => n * 60_000,
'h' => n * 3_600_000,
'd' => n * 86_400_000,
'w' => n * 7 * 86_400_000,
_ => return None,
};
Some(ms)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Large relative-duration inputs can panic or produce a wrapped timestamp because each unit conversion multiplies n unchecked. Return None on overflow so parse_time_input reports invalid input instead.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At crates/daemon/src/commands/activity.rs, line 193:

<comment>Large relative-duration inputs can panic or produce a wrapped timestamp because each unit conversion multiplies `n` unchecked. Return `None` on overflow so `parse_time_input` reports invalid input instead.</comment>

<file context>
@@ -182,14 +182,19 @@ fn parse_duration_ms(s: &str) -> Option<i64> {
-        "h" => n * 3_600_000,
-        "d" => n * 86_400_000,
-        "w" => n * 7 * 86_400_000,
+        's' => n * 1_000,
+        'm' => n * 60_000,
+        'h' => n * 3_600_000,
</file context>

@bhekanik bhekanik force-pushed the fix/multibyte-cli-panics branch from 677c559 to 603f172 Compare July 11, 2026 02:00
@bhekanik bhekanik merged commit c6e96f0 into main Jul 11, 2026
26 checks passed
@bhekanik bhekanik deleted the fix/multibyte-cli-panics branch July 11, 2026 02:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant