critic: overflow-guard maxSteps += RaiseStepsBy (gadfly 5-model convergence)

A buggy/hostile Escalator returning a huge RaiseStepsBy could wrap handle.maxSteps
negative (which the executor reads as defer-to-base). Clamp at math.MaxInt.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 14:38:48 -04:00
parent 4ba83ab905
commit 306d575c31
@@ -19,6 +19,7 @@ package critic
import ( import (
"context" "context"
"log/slog" "log/slog"
"math"
"sync" "sync"
"time" "time"
@@ -275,6 +276,12 @@ func (h *handle) tick(ctx context.Context) {
h.deadline = h.deadline.Add(d.ExtendBy) h.deadline = h.deadline.Add(d.ExtendBy)
} }
if d.RaiseStepsBy > 0 { if d.RaiseStepsBy > 0 {
// Overflow-safe: a buggy Escalator returning a huge delta must not wrap
// maxSteps negative (which the executor would read as "defer to base").
if d.RaiseStepsBy > math.MaxInt-h.maxSteps {
h.maxSteps = math.MaxInt
} else {
h.maxSteps += d.RaiseStepsBy h.maxSteps += d.RaiseStepsBy
} }
}
} }
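Review bot: the guard `if d.RaiseStepsBy > math.MaxInt-h.maxSteps` is only overflow-safe while h.maxSteps is non-negative, and nothing in this hunk establishes that. If h.maxSteps can already be negative at this point (the comment says the executor reads a negative value as "defer to base"), the subtraction math.MaxInt-h.maxSteps itself wraps, the comparison becomes true for every positive RaiseStepsBy, and the handle jumps straight to math.MaxInt instead of being raised by the delta. Either state the h.maxSteps >= 0 invariant in the comment or skip the raise when h.maxSteps < 0. Separately, the clamp branch silently converts a bad Escalator value into an effectively unlimited step budget; a slog warning there (log/slog is already imported) would make that visible to operators. No test exercising the clamp branch is visible in this diff, so a case with RaiseStepsBy near math.MaxInt would be worth adding.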