From 8274dc1b1e3c6ccfc630bf304ede14522de1da38 Mon Sep 17 00:00:00 2001
From: Daniel Nephin <dnephin@gmail.com>
Date: Tue, 26 Apr 2022 16:57:53 -0400
Subject: [PATCH] fix: overflow

The ID should not be allowed to overflow an int64
---
 snowflake.go      |  7 +++++++
 snowflake_test.go | 16 ++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/snowflake.go b/snowflake.go
index e07011b..aad70b7 100644
--- a/snowflake.go
+++ b/snowflake.go
@@ -230,6 +230,9 @@ func ParseBase32(b []byte) (ID, error) {
 			return -1, ErrInvalidBase32
 		}
 		id = id*32 + int64(decodeBase32Map[b[i]])
+		if id <= 0 {
+			return -1, ErrInvalidBase32
+		}
 	}
 
 	return ID(id), nil
@@ -277,6 +280,10 @@ func ParseBase58(b []byte) (ID, error) {
 			return -1, ErrInvalidBase58
 		}
 		id = id*58 + int64(decodeBase58Map[b[i]])
+		if id <= 0 {
+			// overflow!
+			return -1, ErrInvalidBase58
+		}
 	}
 
 	return ID(id), nil
diff --git a/snowflake_test.go b/snowflake_test.go
index ff750c4..ee4f368 100644
--- a/snowflake_test.go
+++ b/snowflake_test.go
@@ -2,6 +2,7 @@ package snowflake
 
 import (
 	"bytes"
+	"fmt"
 	"reflect"
 	"testing"
 )
@@ -512,6 +513,12 @@ func TestParseBase32(t *testing.T) {
 			want:    -1,
 			wantErr: true,
 		},
+		{
+			name:    "overflow is invalid",
+			arg:     "byyyyyyyyyyyyy",
+			want:    -1,
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -525,6 +532,8 @@ func TestParseBase32(t *testing.T) {
 			}
 		})
 	}
+
+	fmt.Println(ID(int64(0xfffffffffffffff) + 1).Base32())
 }
 
 func TestParseBase58(t *testing.T) {
@@ -564,7 +573,14 @@ func TestParseBase58(t *testing.T) {
 			want:    -1,
 			wantErr: true,
 		},
+		{
+			name:    "overflow is invalid",
+			arg:     "JPwcyDCgEuq",
+			want:    -1,
+			wantErr: true,
+		},
 	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := ParseBase58([]byte(tt.arg))