From 19aadc6fc8187d5cd1bad08de252e74881418ab9 Mon Sep 17 00:00:00 2001
From: Kharec
Date: Wed, 7 Jan 2026 15:10:51 +0100
Subject: [PATCH] fix: prevent integer overflow in uint validation
---
 internal/validation/validation.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/internal/validation/validation.go b/internal/validation/validation.go
index 7717ba1..6b7ff87 100644
--- a/internal/validation/validation.go
+++ b/internal/validation/validation.go
@@ -325,6 +325,9 @@ func validateMin(fieldName string, v reflect.Value, param string) *ValidationErr
 return &ValidationError{Field: fieldName, Message: fmt.Sprintf("%s must be at least %d", fieldName, min)}
 }
 case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ if min < 0 {
+ return &ValidationError{Field: fieldName, Message: fieldName + " has invalid min parameter (must be non-negative)"}
+ }
 if v.Uint() < uint64(min) {
 return &ValidationError{Field: fieldName, Message: fmt.Sprintf("%s must be at least %d", fieldName, min)}
 }
@@ -349,6 +352,9 @@ func validateMax(fieldName string, v reflect.Value, param string) *ValidationErr
 return &ValidationError{Field: fieldName, Message: fmt.Sprintf("%s must be at most %d", fieldName, max)}
 }
 case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64:
+ if max < 0 {
+ return &ValidationError{Field: fieldName, Message: fieldName + " has invalid max parameter (must be non-negative)"}
+ }
 if v.Uint() > uint64(max) {
 return &ValidationError{Field: fieldName, Message: fmt.Sprintf("%s must be at most %d", fieldName, max)}
 }
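Review bot: The `min < 0` branch in validateMin's unsigned case returns the same `*ValidationError` type as a real input failure, so a negative bound in the rule definition now fails every value of that field with a message aimed at whoever wrote the rule rather than whoever sent the data; the `max < 0` branch in the validateMax hunk behaves the same way. If callers show `Message` to end users, consider wording it as a configuration error or surfacing it where the rule parameter is parsed, which happens outside this hunk. A short why-comment above the guard would also help, e.g. `// uint64(min) would wrap a negative bound to a huge value; reject it before converting`. validateMin's body starts and ends outside the hunk.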
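Review bot: The `max < 0` guard in validateMax's unsigned case has no regression test in this commit (the diffstat lists only validation.go), and it is the more security-relevant of the two guards. Without it, `uint64(max)` turns a negative bound into a very large one and `v.Uint() > uint64(max)` rejects almost nothing, so the upper limit fails open. A table test that runs each unsigned kind against a negative max and asserts a non-nil error would pin the fail-closed behaviour, and the same table can cover the `min < 0` branch in validateMin. validateMax's body starts and ends outside the hunk.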