Skip to content

fix: prevent panic when GitLab release has more links than sources (#36295)#36305

Merged
wxiaoguang merged 1 commit intogo-gitea:release/v1.25from
GiteaBot:backport-36295-v1.25
Jan 5, 2026
Merged

fix: prevent panic when GitLab release has more links than sources (#36295)#36305
wxiaoguang merged 1 commit intogo-gitea:release/v1.25from
GiteaBot:backport-36295-v1.25

Conversation

@GiteaBot
Copy link
Copy Markdown
Collaborator

@GiteaBot GiteaBot commented Jan 5, 2026
edited by wxiaoguang
Loading

Backport #36295 by argoyle

The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources arrays have equal length. This causes index out of bounds panic when migrating GitLab releases with more links than sources, which is common with GoReleaser-generated releases.

The fix sets ContentType to nil instead of using Sources[k].Format. This is safe because ContentType is not actually used when uploading release assets - the repo_model.Attachment struct has no ContentType field, so the value was being discarded anyway.

Fixes #36292

@argoyle @wxiaoguang @GiteaBot
fix: prevent panic when GitLab release has more links than sources (g…
fcf8d9f 
…o-gitea#36295)

The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources
arrays have equal length. This causes index out of bounds panic when
migrating GitLab releases with more links than sources, which is common
with GoReleaser-generated releases.

Fixes go-gitea#36292

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@GiteaBot GiteaBot added modifies/go Pull requests that update Go code topic/repo-migration Migrate repos from other platforms to Gitea, or from Gitea to them type/bug labels Jan 5, 2026
@GiteaBot GiteaBot added this to the 1.25.4 milestone Jan 5, 2026
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jan 5, 2026
@GiteaBot GiteaBot requested review from lunny and wxiaoguang January 5, 2026 17:00
@wxiaoguang wxiaoguang enabled auto-merge (squash) January 5, 2026 17:01
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jan 5, 2026
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 5, 2026
@wxiaoguang wxiaoguang merged commit c2f9edd into go-gitea:release/v1.25 Jan 5, 2026
26 checks passed
@techknowlogick techknowlogick deleted the backport-36295-v1.25 branch January 8, 2026 13:21
chudnyi pushed a commit to integratop/helm-gitea-mirror that referenced this pull request Mar 25, 2026
@lunny
chore(deps): update dependency go-gitea/gitea to v1.25.4 (#1012)
19bc25f 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [go-gitea/gitea](https://github.com/go-gitea/gitea) | patch | `1.25.3` -> `1.25.4` |

---

### Release Notes

<details>
<summary>go-gitea/gitea (go-gitea/gitea)</summary>

### [`v1.25.4`](https://github.com/go-gitea/gitea/releases/tag/v1.25.4)

[Compare Source](go-gitea/gitea@v1.25.3...v1.25.4)

- SECURITY
  - Release attachments must belong to the intended repo ([#&#8203;36347](go-gitea/gitea#36347)) ([#&#8203;36375](go-gitea/gitea#36375))
  - Fix permission check on org project operations ([#&#8203;36318](go-gitea/gitea#36318)) ([#&#8203;36373](go-gitea/gitea#36373))
  - Clean watches when make a repository private and check permission when send release emails ([#&#8203;36319](go-gitea/gitea#36319)) ([#&#8203;36370](go-gitea/gitea#36370))
  - Add more check for stopwatch read or list ([#&#8203;36340](go-gitea/gitea#36340)) ([#&#8203;36368](go-gitea/gitea#36368))
  - Fix openid setting check ([#&#8203;36346](go-gitea/gitea#36346)) ([#&#8203;36361](go-gitea/gitea#36361))
  - Fix cancel auto merge bug ([#&#8203;36341](go-gitea/gitea#36341)) ([#&#8203;36356](go-gitea/gitea#36356))
  - Fix delete attachment check ([#&#8203;36320](go-gitea/gitea#36320)) ([#&#8203;36355](go-gitea/gitea#36355))
  - LFS locks must belong to the intended repo ([#&#8203;36344](go-gitea/gitea#36344)) ([#&#8203;36349](go-gitea/gitea#36349))
  - Fix bug on notification read ([#&#8203;36339](go-gitea/gitea#36339)) [#&#8203;36387](go-gitea/gitea#36387)

- ENHANCEMENTS
  - Add more routes to the "expensive" list ([#&#8203;36290](go-gitea/gitea#36290))
  - Make "commit statuses" API accept slashes in "ref" ([#&#8203;36264](go-gitea/gitea#36264)) ([#&#8203;36275](go-gitea/gitea#36275))

- BUGFIXES
  - Fix markdown newline handling during IME composition ([#&#8203;36421](go-gitea/gitea#36421)) [#&#8203;36424](go-gitea/gitea#36424)
  - Fix missing repository id when migrating release attachments ([#&#8203;36389](go-gitea/gitea#36389))
  - Fix bug when compare in the pull request ([#&#8203;36363](go-gitea/gitea#36363)) ([#&#8203;36372](go-gitea/gitea#36372))
  - Fix incorrect text content detection ([#&#8203;36364](go-gitea/gitea#36364)) ([#&#8203;36369](go-gitea/gitea#36369))
  - Fill missing `has_code` in repository api ([#&#8203;36338](go-gitea/gitea#36338)) ([#&#8203;36359](go-gitea/gitea#36359))
  - Fix notifications pagination query parameters ([#&#8203;36351](go-gitea/gitea#36351)) ([#&#8203;36358](go-gitea/gitea#36358))
  - Fix some trivial problems ([#&#8203;36336](go-gitea/gitea#36336)) ([#&#8203;36337](go-gitea/gitea#36337))
  - Prevent panic when GitLab release has more links than sources ([#&#8203;36295](go-gitea/gitea#36295)) ([#&#8203;36305](go-gitea/gitea#36305))
  - Fix stats bug when syncing release ([#&#8203;36285](go-gitea/gitea#36285)) ([#&#8203;36294](go-gitea/gitea#36294))
  - Always honor user's choice for "delete branch after merge" ([#&#8203;36281](go-gitea/gitea#36281)) ([#&#8203;36286](go-gitea/gitea#36286))
  - Use the requested host for LFS links ([#&#8203;36242](go-gitea/gitea#36242)) ([#&#8203;36258](go-gitea/gitea#36258))
  - Fix panic when get editor config file ([#&#8203;36241](go-gitea/gitea#36241)) ([#&#8203;36247](go-gitea/gitea#36247))
  - Fix regression in writing authorized principals ([#&#8203;36213](go-gitea/gitea#36213)) ([#&#8203;36218](go-gitea/gitea#36218))
  - Fix WebAuthn error checking ([#&#8203;36219](go-gitea/gitea#36219)) ([#&#8203;36235](go-gitea/gitea#36235))

Instances on **[Gitea Cloud](https://cloud.gitea.com)** will be automatically upgraded to this version during the specified maintenance window.

</details>

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xOC4xIiwidXBkYXRlZEluVmVyIjoiNDEuMTguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsia2luZC9kZXBlbmRlbmN5Il19-->

Reviewed-on: https://gitea.com/gitea/helm-gitea/pulls/1012
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lunny lunny lunny approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/go Pull requests that update Go code topic/repo-migration Migrate repos from other platforms to Gitea, or from Gitea to them type/bug

Projects

None yet

Milestone

1.25.4

Development

Successfully merging this pull request may close these issues.

4 participants

@GiteaBot @lunny @wxiaoguang @argoyle