Skip to content

fix(rate-limit): non-overflowing token-refill computation#4

Merged
Reddimus merged 1 commit into
mainfrom
fix/rate-limit-refill-overflow
Jun 7, 2026
Merged

fix(rate-limit): non-overflowing token-refill computation#4
Reddimus merged 1 commit into
mainfrom
fix/rate-limit-refill-overflow

Conversation

@Reddimus

@Reddimus Reddimus commented Jun 7, 2026

Copy link
Copy Markdown
Owner

From the SDK correctness audit. After a long idle gap, narrowing elapsed/interval (or the tokens_+new_tokens sum) to uint16 before min() wraps to a small value, defeating the token cap. Compute in int64, clamp to max_tokens, then narrow. 24/24 tests pass, lint clean.

After a long idle gap, elapsed/interval can exceed uint16; narrowing it (or
the tokens_+new_tokens sum) to uint16 BEFORE the min() wraps it to a small
value and defeats the cap. Compute in int64, clamp to max_tokens, then
narrow.
@Reddimus Reddimus merged commit 957ab93 into main Jun 7, 2026
3 checks passed
@Reddimus Reddimus deleted the fix/rate-limit-refill-overflow branch June 7, 2026 12:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant