cmd/dev: validate --port fits the derived-port range

dev derives additional ports from --port + offsets (metrics, gRPC, debug). A --port near uint16 max would overflow silently; add up-front validation that rejects values that would push derived ports over 65535. Updates #3157
2026-04-25 17:15:33 +02:00 · 2026-04-17 06:51:23 +00:00
parent 427b2f15ee
commit 1a58b77271
1 changed files with 12 additions and 0 deletions
--- a/cmd/dev/main.go
+++ b/cmd/dev/main.go
@@ -28,6 +28,11 @@ var errHealthTimeout = errors.New("health check timed out")

 var errEmptyAuthKey = errors.New("empty auth key in response")

+// maxDevPort is the highest --port value that keeps both the derived
+// metrics port (port+1010) and gRPC port (port+42363) inside the valid
+// 1..65535 TCP range.
+const maxDevPort = 23172
+
 const devConfig = `---
 server_url: http://127.0.0.1:%d
 listen_addr: 127.0.0.1:%d
@@ -76,6 +81,13 @@ func main() {
 	flag.Parse()
 	log.SetFlags(0)

+	if *port < 1 || *port > maxDevPort {
+		log.Fatalf(
+			"--port must be in 1..%d (higher values overflow the derived gRPC port); got %d",
+			maxDevPort, *port,
+		)
+	}
+
 	http.DefaultClient.Timeout = 2 * time.Second
 	http.DefaultClient.CheckRedirect = func(*http.Request, []*http.Request) error {
 		return http.ErrUseLastResponse