docs: Clarify PS probe limit calculation with inline comment

Replace magic number 49997 with `50000 - 3` and add a comment explaining: - Why we subtract 3 (the loop accesses i+3, so we stop 3 bytes early) - Why we cap at 50000 (don't scan huge buffers entirely) - Why we use saturating_sub (handle tiny buffers safely) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 05:44:53 +00:00 · 2026-01-11 00:07:35 +01:00
parent a199f4f8af
commit d5201b1129
1 changed files with 6 additions and 2 deletions
--- a/src/rust/src/demuxer/stream_functions.rs
+++ b/src/rust/src/demuxer/stream_functions.rs
@@ -331,11 +331,15 @@ unsafe fn detect_stream_type_common(ctx: &mut CcxDemuxer, ccx_options: &mut Opti
            }

            // Now check for PS (Needs PACK header)
-            // We use saturating_sub to avoid underflow if the buffer is tiny.
+            // The loop below checks 4 consecutive bytes (i, i+1, i+2, i+3), so we need
+            // to stop 3 bytes before the end to avoid out-of-bounds access.
+            // - If buffer < 50000: limit = buffer_size - 3 (scan entire buffer)
+            // - If buffer >= 50000: limit = 49997 (= 50000 - 3, cap the scan range)
+            // We use saturating_sub to safely handle tiny buffers (< 3 bytes).
            let limit = if ctx.startbytes_avail < 50000 {
                ctx.startbytes_avail.saturating_sub(3)
            } else {
-                49997
+                50000 - 3 // Don't scan huge buffers entirely; 50KB is enough
            } as usize;
            for i in 0..limit {
                if ctx.startbytes[i] == 0x00