From 42f83c60cf9f2ca6944dea1c1e6898fd2b646b93 Mon Sep 17 00:00:00 2001
From: mathew
Date: Fri, 29 Jul 2022 11:58:52 -0500
Subject: [PATCH] Prevent overflow and panic on large HTTP responses (#1351)
---
 http.go | 6 ++++++
 http_test.go | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/http.go b/http.go
index 0cf1bfed1f..cfeeac5df9 100644
--- a/http.go
+++ b/http.go
@@ -8,6 +8,7 @@ import (
 "errors"
 "fmt"
 "io"
+ "math"
 "mime/multipart"
 "net"
 "os"
@@ -2278,5 +2279,10 @@ func round2(n int) int {
 x |= x >> 8
 x |= x >> 16
+ // Make sure we don't return 0 due to overflow, even on 32 bit systems
+ if x >= uint32(math.MaxInt32) {
+ return math.MaxInt32
+ }
+
 return int(x + 1)
 }
diff --git a/http_test.go b/http_test.go
index 7d6c8d5b0e..071d177b6e 100644
--- a/http_test.go
+++ b/http_test.go
@@ -8,6 +8,7 @@ import (
 "fmt"
 "io"
 "io/ioutil"
+ "math"
 "mime/multipart"
 "net/http"
 "net/http/httptest"
@@ -1963,6 +1964,7 @@ func TestRound2(t *testing.T) {
 testRound2(t, 8, 8)
 testRound2(t, 9, 16)
 testRound2(t, 0x10001, 0x20000)
+ testRound2(t, math.MaxInt32-1, math.MaxInt32)
 }
 func testRound2(t *testing.T, n, expectedRound2 int) {
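Review bot: The new clamp in round2 returns `math.MaxInt32`, which is smaller than `n` whenever `n` itself exceeds `math.MaxInt32` (possible where `int` is 64 bits), so the result is no longer a rounded-up size for such inputs. The comparison against `uint32(math.MaxInt32)` shows `x` is a `uint32`, so `n` was presumably narrowed earlier in the function, outside this hunk, and the commit title ties the value to response sizes, which are set by the peer. If any caller allocates `round2(n)` bytes and then slices to `n`, it could still fault; consider a guard ahead of the narrowing, `if n > math.MaxInt32 { return n }`, plus a doc comment stating that the result is always `>= n` and is not a power of two once clamped. round2's body starts above the hunk, so the conversion and any existing guard need to be checked there.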
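Review bot: The added case in TestRound2 covers only `math.MaxInt32-1`, so the input at which the clamp starts to apply is not pinned. Assuming round2 rounds up from `n-1` as the existing 8 and 9 cases suggest, `testRound2(t, 0x40000000, 0x40000000)`, `testRound2(t, 0x40000001, math.MaxInt32)` and `testRound2(t, math.MaxInt32, math.MaxInt32)` would fix the last exact power of two, the first clamped input and the upper edge. These constants still fit a 32-bit `int`, so the test keeps compiling on 32-bit targets.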