From 306d575c3165f1be3593624aa6a67ae42dd8cbd9 Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Sat, 27 Jun 2026 14:38:48 -0400 Subject: [PATCH] critic: overflow-guard maxSteps += RaiseStepsBy (gadfly 5-model convergence) A buggy/hostile Escalator returning a huge RaiseStepsBy could wrap handle.maxSteps negative (which the executor reads as defer-to-base). Clamp at math.MaxInt. Co-Authored-By: Claude Opus 4.8 (1M context) --- critic/critic.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/critic/critic.go b/critic/critic.go index 0952120..0c948a5 100644 --- a/critic/critic.go +++ b/critic/critic.go @@ -19,6 +19,7 @@ package critic import ( "context" "log/slog" + "math" "sync" "time" @@ -275,6 +276,12 @@ func (h *handle) tick(ctx context.Context) { h.deadline = h.deadline.Add(d.ExtendBy) } if d.RaiseStepsBy > 0 { - h.maxSteps += d.RaiseStepsBy + // Overflow-safe: a buggy Escalator returning a huge delta must not wrap + // maxSteps negative (which the executor would read as "defer to base"). + if d.RaiseStepsBy > math.MaxInt-h.maxSteps { + h.maxSteps = math.MaxInt + } else { + h.maxSteps += d.RaiseStepsBy + } } }