bug: GlobalReader.ReadFrom panics with fromSequence > MaxInt64 — both pgstore and sqlitestore #153

New issue

Closed

opened 2026-03-01 12:24:10 +00:00 by ash · 0 comments

ash commented

2026-03-01 12:24:10 +00:00

Owner

Bug

Found by red team testing. ReadFrom(ctx, math.MaxUint64, limit) panics with pgx encoding error.

The API accepts uint64 for fromSequence but Postgres BIGSERIAL is int64 (max 9.2×10¹⁸). Any fromSequence > MaxInt64 causes a panic.

Fix

Add bounds check at the top of ReadFrom in both pgstore and sqlitestore:

if fromSequence > math.MaxInt64 {
    return nil, nil // no events can exist past MaxInt64
}

Also add to LatestSequence return type documentation that the practical max is MaxInt64.

Priority

Medium — unlikely in practice (9.2 quintillion events) but the API should not panic on valid uint64 input.

## Bug Found by red team testing. `ReadFrom(ctx, math.MaxUint64, limit)` panics with pgx encoding error. The API accepts `uint64` for `fromSequence` but Postgres BIGSERIAL is `int64` (max 9.2×10¹⁸). Any `fromSequence > MaxInt64` causes a panic. ## Fix Add bounds check at the top of ReadFrom in both pgstore and sqlitestore: ```go if fromSequence > math.MaxInt64 { return nil, nil // no events can exist past MaxInt64 } ``` Also add to LatestSequence return type documentation that the practical max is MaxInt64. ## Priority Medium — unlikely in practice (9.2 quintillion events) but the API should not panic on valid uint64 input.

ash changed title from ~~bug: GlobalReader.ReadFrom panics with fromSequence > MaxInt64~~ to bug: GlobalReader.ReadFrom panics with fromSequence > MaxInt64 — both pgstore and sqlitestore

2026-03-01 12:35:28 +00:00

ash referenced this issue from a commit

2026-03-01 12:40:07 +00:00

feat: CommandHandler auto-retry + uint64 bounds check — Closes #156, Closes #153

ash closed this issue

2026-03-01 12:40:07 +00:00