From d5cc54fcf7583eda109e7609c16d47c937cc2ee4 Mon Sep 17 00:00:00 2001
From: Gurjit-30 <143714757+Gurjit-30@users.noreply.github.com>
Date: Sun, 12 Apr 2026 17:20:14 +0530
Subject: [PATCH] Fix: Avoid arithmetic overflow in RandIntFromRange

- Use big.Int for span calculation instead of int64 cast
- Prevents silent overflow on 32-bit systems or extreme input ranges
- Handles edge cases more robustly
---
 server/channels/utils/random.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/server/channels/utils/random.go b/server/channels/utils/random.go
index 199f8f27dc2..e0a0002c222 100644
--- a/server/channels/utils/random.go
+++ b/server/channels/utils/random.go
@@ -17,8 +17,13 @@ func RandIntFromRange(r Range) int {
 if r.End-r.Begin <= 0 {
 return r.Begin
 }
- max := int64((r.End - r.Begin) + 1)
- n, err := rand.Int(rand.Reader, big.NewInt(max))
+ // Use big.Int for span calculation to avoid arithmetic overflow
+ begin := big.NewInt(int64(r.Begin))
+ end := big.NewInt(int64(r.End))
+ max := new(big.Int).Sub(end, begin)
+ max.Add(max, big.NewInt(1))
+
+ n, err := rand.Int(rand.Reader, max)
 if err != nil {
 // Fallback to begin value if crypto/rand fails (rare)
 return r.Begin
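Review bot: The guard `if r.End-r.Begin <= 0` above the new big.Int code still subtracts in native `int`, so for a range wide enough to overflow, the difference wraps negative and the function returns `r.Begin` before the overflow-safe span is computed; comparing the bounds directly, `if r.End <= r.Begin {`, would make the guard agree with the new arithmetic. As written, the change appears to help only when `End-Begin` is exactly the maximum `int`, the one case where the old `+ 1` wrapped. The error branch still returns `r.Begin` silently, so a caller cannot tell a crypto/rand failure from a genuine draw of the lower bound; if any caller relies on this value being unpredictable, that fallback deserves a log line or a comment stating the assumption. The function body continues past the end of the hunk, so the conversion of `n` back to `int` is not visible here.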