Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: bootjp

kv/txn_codec.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"io"
+	"math"
 
 	"github.com/cockroachdb/errors"
 )
@@ -209,6 +210,21 @@ func encodeTxnRollbackRecord() []byte {
 }
 
 func readTxnField(r *bytes.Reader, n uint64, truncatedMessage string) ([]byte, error) {
+	// Fast-path zero-length fields.
+	if n == 0 {
+		return nil, nil
+	}
+
+	// Ensure the requested length does not exceed the remaining reader length.
+	if n > uint64(r.Len()) {
+		return nil, errors.New(truncatedMessage)
+	}
+
+	// Guard against uint64 -> int overflow / excessively large allocations.
+	if n > uint64(math.MaxInt) {
+		return nil, errors.New("transaction field size overflows int")
+	}
+
 	b, err := readTxnSizedBytes(r, n)
 	if err == nil {
 		return b, nil
@@ -224,23 +240,12 @@ func readTxnSizedBytes(r *bytes.Reader, n uint64) ([]byte, error) {
 		return nil, nil
 	}
 
-	var out []byte
-	var chunkBuf [txnReadChunkSize]byte
-	remaining := n
-	for remaining >= txnReadChunkSize {
-		if _, err := io.ReadFull(r, chunkBuf[:]); err != nil {
-			return nil, errors.WithStack(err)
-		}
-		out = append(out, chunkBuf[:]...)
-		remaining -= txnReadChunkSize
-	}
-	for remaining > 0 {
-		b, err := r.ReadByte()
-		if err != nil {
-			return nil, errors.WithStack(err)
-		}
-		out = append(out, b)
-		remaining--
+	// At this point, callers are expected to have validated that n is safe to
+	// convert to int and does not exceed the remaining reader length.
+	size := int(n)
+	out := make([]byte, size)
+	if _, err := io.ReadFull(r, out); err != nil {
+		return nil, errors.WithStack(err)
 	}
 	return out, nil
 }