From ccedd064ca56921a4235219516b3d834f60e7b91 Mon Sep 17 00:00:00 2001
From: Junegunn Choi <junegunn.c@gmail.com>
Date: Sat, 23 May 2026 23:06:47 +0900
Subject: [PATCH] Fix integer overflow in FuzzyMatchV2 guard on 32-bit builds

On 32-bit platforms (GOARCH=386, arm), N*M overflows int when N is
large and M approaches 1000, wrapping negative. The wrapped value
slips past both `N*M > cap(slab.I16)` and `M > 1000`, so the V1
fallback is skipped and alloc16 panics on a negative slice bound.

Cast to int64 before multiplying.

Affects shipped 32-bit ARM builds (linux_armv5/6/7, windows_armv5/6/7).

Reported with fix by Michal Majchrowicz and Marcin Wyczechowski
(AFINE Team).
---
 src/algo/algo.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/algo/algo.go b/src/algo/algo.go
index 2f0af3e4..7748a070 100644
--- a/src/algo/algo.go
+++ b/src/algo/algo.go
@@ -443,7 +443,7 @@ func FuzzyMatchV2(caseSensitive bool, normalize bool, forward bool, input *util.
 	// we fall back to the greedy algorithm.
 	// Also, we should not allow a very long pattern to avoid 16-bit integer
 	// overflow in the score matrix. 1000 is a safe limit.
-	if slab != nil && N*M > cap(slab.I16) || M > 1000 {
+	if slab != nil && int64(N)*int64(M) > int64(cap(slab.I16)) || M > 1000 {
 		return FuzzyMatchV1(caseSensitive, normalize, forward, input, pattern, withPos, slab)
 	}