fix issue 1-10

pingcap · RidRisR · Oct 22, 2025 · Oct 22, 2025 · Oct 31, 2025 · Oct 31, 2025
commit d6b948eae65d076156c61471ce01c4fde91020e1
diff --git a/br/pkg/storage/s3.go b/br/pkg/storage/s3.go
@@ -953,10 +953,19 @@ func (rs *S3Storage) open(
 			return nil, RangeInfo{}, errors.Annotatef(berrors.ErrStorageUnknown, "open file '%s' failed. The S3 object has no content length", path)
 		}
 		objectSize := *(result.ContentLength)
-		r = RangeInfo{
-			Start: 0,
-			End:   objectSize - 1,
-			Size:  objectSize,
+		// Handle empty objects (size=0) to avoid End=-1
+		if objectSize == 0 {
+			r = RangeInfo{
+				Start: 0,
+				End:   0,
+				Size:  0,
+			}
+		} else {
+			r = RangeInfo{
+				Start: 0,
+				End:   objectSize - 1,
+				Size:  objectSize,
+			}
 		}
 	} else {
 		r, err = ParseRangeInfo(result.ContentRange)

diff --git a/br/pkg/storage/storage.go b/br/pkg/storage/storage.go
@@ -304,7 +304,17 @@ func ReadDataInRange(
 	start int64,
 	p []byte,
 ) (n int, err error) {
+	// Sanity check: reject obviously invalid offsets
+	if start < 0 {
+		return 0, errors.Annotatef(berrors.ErrInvalidArgument,
+			"invalid negative start offset: %d", start)
+	}
 	end := start + int64(len(p))
+	// Detect overflow: if end wrapped around to negative, overflow occurred
+	if end < start {
+		return 0, errors.Annotatef(berrors.ErrInvalidArgument,
+			"range calculation overflow: start=%d, len=%d", start, len(p))
+	}
 	rd, err := storage.Open(ctx, name, &ReaderOption{
 		StartOffset: &start,
 		EndOffset:   &end,

diff --git a/br/pkg/stream/decode_kv.go b/br/pkg/stream/decode_kv.go
@@ -16,6 +16,7 @@ package stream
 
 import (
 	"encoding/binary"
+	"math"
 
 	"github.com/pingcap/errors"
 	berrors "github.com/pingcap/tidb/br/pkg/errors"
@@ -63,7 +64,18 @@ func (ei *EventIterator) Next() {
 
 // Valid checks whether the iterator is valid.
 func (ei *EventIterator) Valid() bool {
-	return ei.err == nil && ei.pos < uint32(len(ei.buff))
+	if ei.err != nil {
+		return false
+	}
+	buffLen := len(ei.buff)
+	// Check if buffer length exceeds uint32 range
+	// This prevents truncation when comparing with ei.pos (uint32)
+	if buffLen > math.MaxUint32 {
+		ei.err = errors.Annotatef(berrors.ErrInvalidArgument,
+			"buffer too large: %d bytes exceeds uint32 limit (%d bytes)", buffLen, math.MaxUint32)
+		return false
+	}
+	return ei.pos < uint32(buffLen)
 }
 
 // Key gets the key in kv-event if valid() == true

diff --git a/br/pkg/stream/stream_metas.go b/br/pkg/stream/stream_metas.go
@@ -1173,7 +1173,14 @@ func (m MigrationExt) applyMetaEditTo(ctx context.Context, medit *pb.MetaEdit, m
 					medit.DeleteLogicalFiles[idx].Spans,
 					dfi.RangeOffset,
 					func(s *pb.Span, u uint64) int {
-						return int(s.Offset - u)
+						// Use comparison instead of subtraction to avoid uint64 underflow
+						// and int overflow issues
+						if s.Offset < u {
+							return -1
+						} else if s.Offset > u {
+							return 1
+						}
+						return 0
 					})
 				if ok && medit.DeleteLogicalFiles[idx].Spans[received].Length != dfi.RangeLength {
 					err = errors.Annotatef(

diff --git a/br/pkg/task/common.go b/br/pkg/task/common.go
@@ -8,6 +8,7 @@ import (
 	"crypto/tls"
 	"encoding/hex"
 	"fmt"
+	"math"
 	"net/url"
 	"os"
 	"path"
@@ -631,6 +632,13 @@ func (cfg *Config) ParseFromFlags(flags *pflag.FlagSet) error {
 	if rateLimitUnit, err = flags.GetUint64(flagRateLimitUnit); err != nil {
 		return errors.Trace(err)
 	}
+	// Check for multiplication overflow when both values are non-zero
+	// This prevents silent wraparound that would cause incorrect rate limiting
+	if rateLimit > 0 && rateLimitUnit > 0 && rateLimit > math.MaxUint64/rateLimitUnit {
+		return errors.Annotatef(berrors.ErrInvalidArgument,
+			"rate limit calculation overflow: %d * %d exceeds uint64 max (consider max ~17PB/s)",
+			rateLimit, rateLimitUnit)
+	}
 	cfg.RateLimit = rateLimit * rateLimitUnit
 
 	cfg.Schemas = make(map[string]struct{})