critic: overflow-guard maxSteps += RaiseStepsBy (gadfly 5-model convergence)
executus CI / test (pull_request) Has been cancelled
executus CI / test (pull_request) Has been cancelled
A buggy/hostile Escalator returning a huge RaiseStepsBy could wrap handle.maxSteps negative (which the executor reads as defer-to-base). Clamp at math.MaxInt. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -19,6 +19,7 @@ package critic
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
|
"math"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -275,6 +276,12 @@ func (h *handle) tick(ctx context.Context) {
|
|||||||
h.deadline = h.deadline.Add(d.ExtendBy)
|
h.deadline = h.deadline.Add(d.ExtendBy)
|
||||||
}
|
}
|
||||||
if d.RaiseStepsBy > 0 {
|
if d.RaiseStepsBy > 0 {
|
||||||
|
// Overflow-safe: a buggy Escalator returning a huge delta must not wrap
|
||||||
|
// maxSteps negative (which the executor would read as "defer to base").
|
||||||
|
if d.RaiseStepsBy > math.MaxInt-h.maxSteps {
|
||||||
|
h.maxSteps = math.MaxInt
|
||||||
|
} else {
|
||||||
h.maxSteps += d.RaiseStepsBy
|
h.maxSteps += d.RaiseStepsBy
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user