From 799ad5d47ac0f5dbd1e33790cc1ba9528fbba804 Mon Sep 17 00:00:00 2001
From: Octo Bot <bot@mininglamp.com>
Date: Tue, 26 May 2026 10:23:49 +0800
Subject: [PATCH] fix(config): add integer conversion safety checks

- GetEnvInt: use bitSize=0 to match platform int width
- SendMessage: bounds-check message_seq before uint32 cast
- Avatar paths: guard against non-positive Partition value
---
 config/config.go | 20 ++++++++++++++++----
 config/msg.go    |  4 ++++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/config/config.go b/config/config.go
index 993ca75..b215b94 100644
--- a/config/config.go
+++ b/config/config.go
@@ -878,19 +878,31 @@ func (c *Config) GetAvatarPath(uid string) string {
 
 // GetGroupAvatarFilePath 获取群头像上传路径
 func (c *Config) GetGroupAvatarFilePath(groupNo string) string {
-	avatarID := crc32.ChecksumIEEE([]byte(groupNo)) % uint32(c.Avatar.Partition)
+	partition := c.Avatar.Partition
+	if partition <= 0 {
+		partition = 1
+	}
+	avatarID := crc32.ChecksumIEEE([]byte(groupNo)) % uint32(partition)
 	return fmt.Sprintf("group/%d/%s.png", avatarID, groupNo)
 }
 
 // GetCommunityAvatarFilePath 获取社区头像上传路径
 func (c *Config) GetCommunityAvatarFilePath(communityNo string) string {
-	avatarID := crc32.ChecksumIEEE([]byte(communityNo)) % uint32(c.Avatar.Partition)
+	partition := c.Avatar.Partition
+	if partition <= 0 {
+		partition = 1
+	}
+	avatarID := crc32.ChecksumIEEE([]byte(communityNo)) % uint32(partition)
 	return fmt.Sprintf("community/%d/%s.png", avatarID, communityNo)
 }
 
 // GetCommunityCoverFilePath 获取社区封面上传路径
 func (c *Config) GetCommunityCoverFilePath(communityNo string) string {
-	avatarID := crc32.ChecksumIEEE([]byte(communityNo)) % uint32(c.Avatar.Partition)
+	partition := c.Avatar.Partition
+	if partition <= 0 {
+		partition = 1
+	}
+	avatarID := crc32.ChecksumIEEE([]byte(communityNo)) % uint32(partition)
 	return fmt.Sprintf("community/%d/%s_cover.png", avatarID, communityNo)
 }
 
@@ -975,7 +987,7 @@ func GetEnvInt(key string, defaultValue int) int {
 	if strings.TrimSpace(v) == "" {
 		return defaultValue
 	}
-	i, err := strconv.ParseInt(v, 10, 64)
+	i, err := strconv.ParseInt(v, 10, 0)
 	if err != nil {
 		fmt.Printf("WARN: invalid env %s=%q, using default %d: %v\n", key, v, defaultValue, err)
 		return defaultValue
diff --git a/config/msg.go b/config/msg.go
index 13f2143..ee9b9c1 100644
--- a/config/msg.go
+++ b/config/msg.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"math"
 	"net/http"
 	"strings"
 
@@ -155,6 +156,9 @@ func (c *Context) SendMessageWithResult(req *MsgSendReq) (*MsgSendResp, error) {
 		messageID := dataResult.Get("message_id").Int()
 		messageSeq := dataResult.Get("message_seq").Int()
 		clientMsgNo := dataResult.Get("client_msg_no").String()
+		if messageSeq < 0 || messageSeq > math.MaxUint32 {
+			return nil, fmt.Errorf("IM服务[SendMessage]返回 message_seq=%d 超出 uint32 范围", messageSeq)
+		}
 		return &MsgSendResp{
 			MessageID:   messageID,
 			MessageSeq:  uint32(messageSeq),