fix(image): reject trailing garbage in resize size parameter

lexfrei · claude · lexfrei · commit 99a805647ea4 · 2026-02-27T00:07:40.000+03:00
Add !iss.eof() check to istringstream parsing so inputs like "100abc"
or "100GB" are rejected instead of silently truncating to 100. The CLI
path was already protected by regex validation in size_in_mb(), but
direct XML-RPC/gRPC API callers were not.

Co-Authored-By: Claude &lt;noreply@anthropic.com&gt;
Signed-off-by: Aleksei Sviridkin &lt;f@lex.la&gt;
diff --git a/src/image/ImageManagerActions.cc b/src/image/ImageManagerActions.cc
@@ -1653,7 +1653,7 @@ int ImageManager::resize_image(int iid, const string& size, string& error)
     istringstream iss(size);
     iss >> new_size;
 
-    if (iss.fail() || new_size <= 0)
+    if (iss.fail() || !iss.eof() || new_size <= 0)
     {
         error = "Invalid size value: " + size;
         return -1;
diff --git a/src/oca/go/src/goca/image_test.go b/src/oca/go/src/goca/image_test.go
@@ -258,6 +258,11 @@ func (s *ImageSuite) TestResize(c *C) {
 	c.Assert(err, NotNil)
 	c.Assert(err.Error(), Matches, ".*Invalid size.*")
 
+	// Resize with trailing garbage should fail (not silently truncate)
+	err = imageC.Resize("100abc")
+	c.Assert(err, NotNil)
+	c.Assert(err.Error(), Matches, ".*Invalid size.*")
+
 	// Successful resize to larger size
 	err = imageC.Resize("2")
 	c.Assert(err, IsNil)

Original file line number	Diff line number	Diff line change
`@@ -1653,7 +1653,7 @@ int ImageManager::resize_image(int iid, const string& size, string& error)`
`1653`	`1653`	`istringstream iss(size);`
`1654`	`1654`	`iss >> new_size;`
`1655`	`1655`
`1656`		`- if (iss.fail() \|\| new_size <= 0)`
	`1656`	`+ if (iss.fail() \|\| !iss.eof() \|\| new_size <= 0)`
`1657`	`1657`	`{`
`1658`	`1658`	`error = "Invalid size value: " + size;`
`1659`	`1659`	`return -1;`