From 2601f50026fdcfb1b46cbd4e38cd35477778252d Mon Sep 17 00:00:00 2001
From: silverwind
Date: Fri, 13 Mar 2026 02:20:58 +0100
Subject: [PATCH] Bound PageSize in `ListUnadoptedRepositories` (#36884)
Add `SetDefaultValues()` call to ensure PageSize is bounded, preventing potential excessive memory allocation from unbounded pagination parameters. Fixes CodeQL alert [#188](https://github.com/go-gitea/gitea/security/code-scanning/188). All other 49 open alerts were false-positives and are dismissed with appropriate comments.
Co-authored-by: Claude (Opus 4.6)
---
 services/repository/adopt.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/services/repository/adopt.go b/services/repository/adopt.go
index f25659e110..1255967e59 100644
--- a/services/repository/adopt.go
+++ b/services/repository/adopt.go
@@ -291,6 +291,7 @@ func checkUnadoptedRepositories(ctx context.Context, userName string, repoNamesT
 // ListUnadoptedRepositories lists all the unadopted repositories that match the provided query
 func ListUnadoptedRepositories(ctx context.Context, query string, opts *db.ListOptions) ([]string, int64, error) {
+ opts.SetDefaultValues()
 globUser, _ := glob.Compile("*")
 globRepo, _ := glob.Compile("*")
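Review bot: The added `opts.SetDefaultValues()` on the first line of ListUnadoptedRepositories rewrites the caller's `*db.ListOptions` in place and dereferences it before any nil check visible in the hunk, and the doc comment above the function mentions neither. I would extend that comment with `// opts must be non-nil; its Page and PageSize are normalized in place via SetDefaultValues before use.` so callers know their struct is modified. The description says only PageSize is bounded, so if the body later computes an offset from the page number and the page size, it is worth confirming that a very large Page cannot still drive an oversized slice or an overflowing multiplication; the rest of the function is outside this hunk. The diffstat shows one insertion in adopt.go and no test, so a small test that passes an oversized PageSize and asserts the capped result count would keep the bound from regressing.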