From 3d5687b291e2d7d9a3442d1daa38d98f351cea9d Mon Sep 17 00:00:00 2001
From: J-P Nurmi
Date: Thu, 4 Jun 2026 11:00:14 +0200
Subject: [PATCH 1/3] fix: `sentry__slice_consume_uint64` Use strtoull instead of strtoll to correctly parse the full uint64_t range (up to UINT64_MAX). Reject negative numbers by scanning for a minus sign within the consumed character range via memchr, since strtoull silently wraps negative values on macOS without setting errno.
---
 src/sentry_slice.c | 5 +++--
 tests/unit/test_slice.c | 26 ++++++++++++++++++++++++++
 tests/unit/tests.inc | 1 +
 3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/src/sentry_slice.c b/src/sentry_slice.c
index ae33e62da3..6c74817516 100644
--- a/src/sentry_slice.c
+++ b/src/sentry_slice.c
@@ -95,8 +95,9 @@ sentry__slice_consume_uint64(sentry_slice_t *a, uint64_t *num_out)
 memcpy(buf, a->ptr, a->len);
 buf[a->len] = 0;
 char *end;
- *num_out = (uint64_t)strtoll(buf, &end, 10);
- if (end != buf) {
+ unsigned long long val = strtoull(buf, &end, 10);
+ if (end != buf && !memchr(buf, '-', end - buf)) {
+ *num_out = (uint64_t)val;
 size_t diff = (uintptr_t)end - (uintptr_t)buf;
 a->len -= diff;
 a->ptr += diff;
diff --git a/tests/unit/test_slice.c b/tests/unit/test_slice.c
index dfef751b0d..f6e45ba416 100644
--- a/tests/unit/test_slice.c
+++ b/tests/unit/test_slice.c
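Review bot: Out-of-range input is still accepted in sentry__slice_consume_uint64 (src/sentry_slice.c): `strtoull` returns ULLONG_MAX and sets errno to ERANGE for a digit string larger than UINT64_MAX, and the new condition checks only `end != buf` and the minus sign, so the saturated value is stored in `*num_out` as a successful parse. Whether that matters depends on how the caller bounds the value, which is not visible here, but if it feeds a rate-limit deadline as the changelog entry suggests, an oversized number would behave much like the negative one this patch rejects. Set `errno = 0;` before the call and add `&& errno != ERANGE` to the condition; this needs `<errno.h>`, and the include block is outside the hunk. The same condition is carried into the PATCH 3/3 hunk, and the function body starts and ends outside both hunks.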
@@ -19,3 +19,29 @@ SENTRY_TEST(slice)
 TEST_CHECK_STRING_EQUAL(owned, "string");
 sentry_free(owned);
 }
+
+SENTRY_TEST(slice_consume_uint64)
+{
+ uint64_t value = 0;
+
+ sentry_slice_t zero = sentry__slice_from_str("0:foo-bar");
+ value = 0;
+ TEST_CHECK(sentry__slice_consume_uint64(&zero, &value));
+ TEST_CHECK_UINT64_EQUAL(value, 0);
+ TEST_CHECK_UINT64_EQUAL(zero.len, 8);
+ TEST_CHECK_STRING_EQUAL(zero.ptr, ":foo-bar");
+
+ sentry_slice_t max = sentry__slice_from_str("18446744073709551615:foo-bar");
+ value = 0;
+ TEST_CHECK(sentry__slice_consume_uint64(&max, &value));
+ TEST_CHECK_UINT64_EQUAL(value, UINT64_MAX);
+ TEST_CHECK_UINT64_EQUAL(max.len, 8);
+ TEST_CHECK_STRING_EQUAL(max.ptr, ":foo-bar");
+
+ sentry_slice_t negative = sentry__slice_from_str("-1:foo-bar");
+ value = 0;
+ TEST_CHECK(!sentry__slice_consume_uint64(&negative, &value));
+ TEST_CHECK_UINT64_EQUAL(value, 0);
+ TEST_CHECK_UINT64_EQUAL(negative.len, 10);
+ TEST_CHECK_STRING_EQUAL(negative.ptr, "-1:foo-bar");
+}
diff --git a/tests/unit/tests.inc b/tests/unit/tests.inc
index e7ad60ab96..f9e90a1a66 100644
--- a/tests/unit/tests.inc
+++ b/tests/unit/tests.inc
@@ -299,6 +299,7 @@ XX(set_trace_id_with_txn)
 XX(set_trace_rebuilds_dsc_sample_rand)
 XX(set_trace_update_from_header)
 XX(slice)
+XX(slice_consume_uint64)
 XX(span_data)
 XX(span_data_n)
 XX(span_tagging)
From fdb11457ab12770e6af254144b63dfdfd92e50e5 Mon Sep 17 00:00:00 2001
From: J-P Nurmi
Date: Thu, 4 Jun 2026 11:04:19 +0200
Subject: [PATCH 2/3] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 586cee5d23..4cc201dddb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
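Review bot: The new slice_consume_uint64 test (tests/unit/test_slice.c) has no case for input that `strtoull` accepts but a strict uint64 parser might not: a value one past the maximum, such as the constructed sample `"18446744073709551616:foo-bar"`, and a leading `+` or leading whitespace, both of which `strtoull` accepts. One case for each would pin whether those are meant to parse; the overflow case would currently succeed with UINT64_MAX because errno is not checked. A case with no digits at all, for example `":foo-bar"`, would also cover the `end != buf` rejection, which none of the three cases reaches since `"-1"` is consumed by `strtoull` and rejected by the `memchr` test instead.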
@@ -36,6 +36,7 @@
 - Prevent database cleanup from following symlinks in run and cache directories. ([#1751](https://github.com/getsentry/sentry-native/pull/1751))
 - Structured logs: respect printf argument widths when extracting log parameters to avoid stack-data disclosure and corrupted attributes on 32-bit platforms. ([#1752](https://github.com/getsentry/sentry-native/pull/1752))
 - Fix TOCTOU races in transaction/span refcounting by switching to the atomic decref return value. ([#1763](https://github.com/getsentry/sentry-native/pull/1763))
+- Fix signed-to-unsigned cast in rate-limit parsing to prevent permanent event suppression. ([#1790](https://github.com/getsentry/sentry-native/pull/1790))
 - Fix a potential out-of-bounds read when parsing non-NUL-terminated `sentry-trace` headers. ([#1749](https://github.com/getsentry/sentry-native/pull/1749))
 - Harden ELF note parsing against overflow and OOB reads. ([#1773](https://github.com/getsentry/sentry-native/pull/1773))
 - Fix division by zero when breadcrumbs are disabled. ([#1767](https://github.com/getsentry/sentry-native/pull/1767))
From 40949591d2abb6b182a0f61e6d3cf36e0589bdfd Mon Sep 17 00:00:00 2001
From: J-P Nurmi
Date: Thu, 4 Jun 2026 12:32:17 +0200
Subject: [PATCH 3/3] size_t diff
---
 src/sentry_slice.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/sentry_slice.c b/src/sentry_slice.c
index 6c74817516..47466d1dcc 100644
--- a/src/sentry_slice.c
+++ b/src/sentry_slice.c
@@ -96,9 +96,9 @@ sentry__slice_consume_uint64(sentry_slice_t *a, uint64_t *num_out)
 buf[a->len] = 0;
 char *end;
 unsigned long long val = strtoull(buf, &end, 10);
- if (end != buf && !memchr(buf, '-', end - buf)) {
+ size_t diff = (uintptr_t)end - (uintptr_t)buf;
+ if (end != buf && !memchr(buf, '-', diff)) {
 *num_out = (uint64_t)val;
- size_t diff = (uintptr_t)end - (uintptr_t)buf;
 a->len -= diff;
 a->ptr += diff;
 rv = true;
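Review bot: The reason for the `memchr(buf, '-', diff)` test is recorded only in the PATCH 1/3 commit message, so in sentry__slice_consume_uint64 the condition reads as an unexplained extra check to anyone without the history. A comment above the `if` would carry it, for example `/* strtoull accepts a leading '-' and returns the negated value without setting errno, so reject a minus sign in the consumed prefix */`. With `diff` now computed before the test, `end != buf` and `diff != 0` say the same thing, and using `diff` for both would make the condition depend on a single value. The function body starts and ends outside the hunk.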