daemon/logger/fluentd: cap max-retries to MaxInt32

CodeQL was warning about a potential overflow; the default value was set to MaxInt32 in 13086f387b, which documented that higher values caused problems, so cap it to that value as maximum. 45873be4ae/daemon/logger/fluentd/fluentd.go (L45-L47) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-01-11 18:51:37 +00:00 · 2025-05-30 13:45:30 +02:00
parent 45873be4ae
commit 3d8195a20f
1 changed files with 7 additions and 1 deletions
--- a/daemon/logger/fluentd/fluentd.go
+++ b/daemon/logger/fluentd/fluentd.go
@@ -200,10 +200,16 @@ func parseConfig(cfg map[string]string) (fluent.Config, error) {

 	maxRetries := defaultMaxRetries
 	if cfg[maxRetriesKey] != "" {
-		mr64, err := strconv.ParseUint(cfg[maxRetriesKey], 10, strconv.IntSize)
+		mr64, err := strconv.ParseUint(cfg[maxRetriesKey], 10, 32)
 		if err != nil {
 			return config, err
 		}
+
+		// cap to MaxInt32 to prevent overflowing, and which is documented on
+		// defaultMaxRetries to be the limit above which things fail.
+		if mr64 > math.MaxInt32 {
+			return config, errors.New("invalid fluentd-max-retries: value out of range")
+		}
 		maxRetries = int(mr64)
 	}