Skip to content

Fix integer overflow in BufferedStream.WriteToUnderlyingStreamAsync for large buffers #122944

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
stephentoub merged 3 commits into from
Jan 8, 2026
Merged

Fix integer overflow in BufferedStream.WriteToUnderlyingStreamAsync for large buffers #122944

stephentoub merged 3 commits into from
Jan 8, 2026
+25 −1

Conversation

Copy link
Contributor

Copilot AI commented Jan 6, 2026
edited
Loading

Description

BufferedStream.WriteToUnderlyingStreamAsync throws OverflowException when writing buffers larger than ~1GB due to signed integer overflow in the buffer size calculation. The synchronous Write methods were already fixed with (uint) casting, but the async path was missed.

Changes:

  • Added (uint) cast to totalUserBytes + buffer.Length comparison in WriteToUnderlyingStreamAsync to match the existing fix in synchronous Write methods (lines 871, 942)
  • Added WriteAsyncFromMemory_InputSizeLargerThanHalfOfMaxInt_ShouldSuccess test to verify async path handles large buffers correctly
// Before (throws OverflowException)
useBuffer = (totalUserBytes + buffer.Length < (_bufferSize + _bufferSize));

// After (handles up to int.MaxValue)
useBuffer = ((uint)totalUserBytes + buffer.Length < (_bufferSize + _bufferSize));

Customer Impact

Applications that write large buffers (>1GB) to BufferedStream via async methods fail with OverflowException. Common scenario: MemoryStream.CopyToAsync to BufferedStream with large content.

Regression

No, existing code path bug. Sync methods already fixed, async path oversight.

Testing

  • All 474 BufferedStream tests pass
  • OuterLoop tests verify handling of int.MaxValue/2 + 1 sized buffers for sync and async paths
  • New test explicitly covers async large buffer scenario

Risk

Low. Single-line arithmetic fix matching proven pattern already in use for synchronous methods. Overflow prevention is safer than overflow.

Original prompt

Problem

In BufferedStream.WriteToUnderlyingStreamAsync, there's a potential integer overflow when calculating whether to use the buffer. This occurs when writing very large buffers (close to or exceeding ~1GB).

The issue is at line 1081 in src/libraries/System.Private.CoreLib/src/System/IO/BufferedStream.cs:

checked
{
    // We do not expect buffer sizes big enough for an overflow, but if it happens, lets fail early:
    totalUserBytes = _writePos + buffer.Length;
    useBuffer = (totalUserBytes + buffer.Length < (_bufferSize + _bufferSize));
}

When buffer.Length is very large, the expression totalUserBytes + buffer.Length can overflow because it's using signed int arithmetic, causing an OverflowException to be thrown.

Root Cause

The synchronous Write methods have already been fixed to use (uint) casting to prevent overflow:

// Line 871 in Write(byte[], int, int):
useBuffer = ((uint)totalUserbytes + count < (_bufferSize + _bufferSize));

// Line 942 in Write(ReadOnlySpan<byte>):
useBuffer = ((uint)totalUserbytes + buffer.Length < (_bufferSize + _bufferSize));

However, the async version in WriteToUnderlyingStreamAsync is missing this cast.

Fix

Change line 1081 from:

useBuffer = (totalUserBytes + buffer.Length < (_bufferSize + _bufferSize));

To:

useBuffer = ((uint)totalUserBytes + buffer.Length < (_bufferSize + _bufferSize));

This matches the fix already applied to the synchronous Write methods and prevents the overflow by promoting the arithmetic to unsigned.

Related Issue

This fix addresses the OverflowException described in #117789, which occurs when MemoryStream.CopyToAsync writes large buffers to a BufferedStream.

This pull request was created from Copilot chat.

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Fix integer overflow in BufferedStream.WriteToUnderlyingStreamAsync Fix integer overflow in BufferedStream.WriteToUnderlyingStreamAsync for large buffers Jan 6, 2026
Copilot AI requested a review from stephentoub January 6, 2026 23:08
@stephentoub stephentoub marked this pull request as ready for review January 6, 2026 23:37
Copilot AI review requested due to automatic review settings January 6, 2026 23:37
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Jan 6, 2026

Tagging subscribers to this area: @dotnet/area-system-io
See info in area-owners.md if you want to be subscribed.

@stephentoub
Copy link
Member

stephentoub commented Jan 6, 2026

/azp run runtime-libraries-coreclr outerloop

@azure-pipelines
Copy link

azure-pipelines bot commented Jan 6, 2026

Azure Pipelines successfully started running 1 pipeline(s).

Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes an integer overflow bug in BufferedStream.WriteToUnderlyingStreamAsync that causes an OverflowException when writing buffers larger than ~1GB. The synchronous Write methods were previously fixed with (uint) casting, but the async path was overlooked. This change brings the async implementation in line with the synchronous methods.

Key Changes:

  • Added (uint) cast to the buffer size comparison in WriteToUnderlyingStreamAsync to prevent signed integer overflow
  • Added test coverage for async writes with large buffers (>int.MaxValue/2)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/libraries/System.Private.CoreLib/src/System/IO/BufferedStream.cs Applied (uint) cast to totalUserBytes + buffer.Length comparison in WriteToUnderlyingStreamAsync (line 1082) to match the existing fix in synchronous Write methods, preventing overflow for buffers larger than 1GB
src/libraries/System.Runtime/tests/System.IO.Tests/BufferedStream/BufferedStreamTests.cs Added WriteAsyncFromMemory_InputSizeLargerThanHalfOfMaxInt_ShouldSuccess test to verify the async write path correctly handles large buffers without throwing OverflowException

This was referenced Jan 7, 2026
Open
Open
Open
Open
Open
adamsitnik
adamsitnik approved these changes Jan 7, 2026
View reviewed changes
Copy link
Member

@adamsitnik adamsitnik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@stephentoub @adamsitnik
Update src/libraries/System.Runtime/tests/System.IO.Tests/BufferedStr…
c6430fd 
…eam/BufferedStreamTests.cs

Co-authored-by: Adam Sitnik <[email protected]>
@stephentoub stephentoub enabled auto-merge (squash) January 7, 2026 21:27
@stephentoub stephentoub merged commit 979aacc into main Jan 8, 2026
139 of 143 checks passed
@adamsitnik adamsitnik deleted the copilot/fix-integer-overflow-bufferedstream branch January 8, 2026 10:35
@dotnet-maestro dotnet-maestro bot mentioned this pull request Jan 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@adamsitnik adamsitnik adamsitnik approved these changes

+1 more reviewer

@stephentoub stephentoub stephentoub approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@stephentoub stephentoub

Copilot code review Copilot

Labels

area-System.IO

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stephentoub @adamsitnik