From 040ad71d784d2d5c9ba32878a417a70eb1f9c9af Mon Sep 17 00:00:00 2001
From: Weihang Lo <me@weihanglo.tw>
Date: Thu, 23 Apr 2026 11:52:29 -0400
Subject: [PATCH 1/2] test(patch): hunk range overflow panic

See

* <https://github.com/bmwill/diffy/actions/runs/24816232096/job/72631143909>
* <https://github.com/bmwill/diffy/issues/69#issuecomment-4290986913>
---
 src/patch/tests.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/patch/tests.rs b/src/patch/tests.rs
index 7adc0a8..5f7006b 100644
--- a/src/patch/tests.rs
+++ b/src/patch/tests.rs
@@ -638,6 +638,23 @@ fn non_utf8_escaped_filename_returns_error_on_str_parse() {
     );
 }
 
+#[test]
+#[should_panic = "attempt to add with overflow"]
+fn hunk_range_overflow() {
+    let s = format!(
+        "\
+--- a/file.txt
++++ b/file.txt
+@@ -{},1 +1 @@
+-old
++new
+",
+        usize::MAX,
+    );
+    let patch = crate::Patch::from_str(&s).unwrap();
+    let _ = patch.hunks()[0].old_range().end();
+}
+
 mod error_display {
     use alloc::string::ToString;
 

From b813e9407358c2939932a4df23cd3d6481978ae2 Mon Sep 17 00:00:00 2001
From: Weihang Lo <me@weihanglo.tw>
Date: Thu, 23 Apr 2026 11:53:06 -0400
Subject: [PATCH 2/2] fix(patch): hunk range overflow panic

This fix was chosen becuase it is the minimal one.

The other two call sites are not affected,
as the comes from slices,
where the length is bound by `isize::MAX` IIUC:
<https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html#safety>.

Alternatively we can return an `Option` from `HunkRange`.
---
 src/patch/parse.rs | 7 ++++++-
 src/patch/tests.rs | 7 ++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/patch/parse.rs b/src/patch/parse.rs
index 0191542..793ae31 100644
--- a/src/patch/parse.rs
+++ b/src/patch/parse.rs
@@ -273,7 +273,7 @@ fn hunk_header<T: Text + ?Sized>(input: &T) -> Result<(HunkRange, HunkRange, Opt
 }
 
 fn range<T: Text + ?Sized>(s: &T) -> Result<HunkRange> {
-    let (start, len) = if let Some((start, len)) = s.split_at_exclusive(",") {
+    let (start, len): (usize, usize) = if let Some((start, len)) = s.split_at_exclusive(",") {
         (
             start.parse().ok_or(ParsePatchErrorKind::InvalidRange)?,
             len.parse().ok_or(ParsePatchErrorKind::InvalidRange)?,
@@ -282,6 +282,11 @@ fn range<T: Text + ?Sized>(s: &T) -> Result<HunkRange> {
         (s.parse().ok_or(ParsePatchErrorKind::InvalidRange)?, 1)
     };
 
+    // reject ranges that overflow
+    start
+        .checked_add(len)
+        .ok_or(ParsePatchErrorKind::InvalidRange)?;
+
     Ok(HunkRange::new(start, len))
 }
 
diff --git a/src/patch/tests.rs b/src/patch/tests.rs
index 5f7006b..9efa79a 100644
--- a/src/patch/tests.rs
+++ b/src/patch/tests.rs
@@ -639,7 +639,6 @@ fn non_utf8_escaped_filename_returns_error_on_str_parse() {
 }
 
 #[test]
-#[should_panic = "attempt to add with overflow"]
 fn hunk_range_overflow() {
     let s = format!(
         "\
@@ -651,8 +650,10 @@ fn hunk_range_overflow() {
 ",
         usize::MAX,
     );
-    let patch = crate::Patch::from_str(&s).unwrap();
-    let _ = patch.hunks()[0].old_range().end();
+    assert_eq!(
+        crate::Patch::from_str(&s).unwrap_err().kind,
+        ParsePatchErrorKind::InvalidRange,
+    );
 }
 
 mod error_display {