The new-api project has released two commits that add boundary checks and saturation arithmetic to prevent integer overflow in quota calculations, which could cause negative charges. This fix addresses a severe billing vulnerability that could allow users to artificially gain credits by triggering negative deductions, impacting any deployment using new-api for metering or billing. It underscores the importance of robust input validation in financial logic. The vulnerability stemmed from missing validation on user-controllable parameters in quota calculation; when oversized values caused integer overflow, deductions became negative. The fix introduces upper-bound validation and saturation arithmetic that clamps results to the maximum representable value instead of wrapping around.
Background
Integer overflow occurs when an arithmetic operation exceeds the maximum value a fixed-width integer can hold, causing it to 'wrap around' to a negative or very small value. In security contexts, this can bypass checks and lead to unintended behavior. Saturation arithmetic is a technique that clamps the result to the range's extremes instead of wrapping, preventing such exploits.