fix a few postgres integer overflows

Author: lovasoa

sqlx-core/src/error.rs

@@ -103,6 +103,9 @@ pub enum Error {
     #[cfg(feature = "migrate")]
     #[error("{0}")]
     Migrate(#[source] Box<crate::migrate::MigrateError>),
+
+    #[error("integer overflow while converting to target type")]
+    IntegerOverflow(#[source] std::num::TryFromIntError),
 }
 
 impl StdError for Box<dyn DatabaseError> {}

sqlx-core/src/postgres/arguments.rs

@@ -95,7 +95,7 @@ impl PgArguments {
         }
 
         for (offset, name) in type_holes {
-            let oid = conn.fetch_type_id_by_name(&*name).await?;
+            let oid = conn.fetch_type_id_by_name(name).await?;
             buffer[*offset..(*offset + 4)].copy_from_slice(&oid.0.to_be_bytes());
         }
 
@@ -134,7 +134,7 @@ impl PgArgumentBuffer {
 
         // encode the value into our buffer
         let len = if let IsNull::No = value.encode(self) {
-            (self.len() - offset - 4) as i32
+            i32::try_from(self.len() - offset - 4).expect("bind parameter too large")
         } else {
             // Write a -1 to indicate NULL
             // NOTE: It is illegal for [encode] to write any data

sqlx-core/src/postgres/migrate.rs

@@ -202,11 +202,11 @@ CREATE TABLE IF NOT EXISTS _sqlx_migrations (
                     .map_err(MigrateError::AccessMigrationMetadata)?;
 
             if let Some(checksum) = checksum {
-                return if checksum == &*migration.checksum {
+                if checksum == *migration.checksum {
                     Ok(())
                 } else {
                     Err(MigrateError::VersionMismatch(migration.version))
-                };
+                }
             } else {
                 Err(MigrateError::VersionMissing(migration.version))
             }
@@ -257,7 +257,7 @@ CREATE TABLE IF NOT EXISTS _sqlx_migrations (
     WHERE version = $2
                 "#,
             )
-            .bind(elapsed.as_nanos() as i64)
+            .bind(i64::try_from(elapsed.as_nanos()).map_err(crate::error::Error::IntegerOverflow)?)
             .bind(migration.version)
             .execute(self)
             .await?;
@@ -295,9 +295,9 @@ CREATE TABLE IF NOT EXISTS _sqlx_migrations (
 
 async fn current_database(conn: &mut PgConnection) -> Result<String> {
     // language=SQL
-    Ok(query_scalar("SELECT current_database()")
+    query_scalar("SELECT current_database()")
         .fetch_one(conn)
-        .await?)
+        .await
 }
 
 // inspired from rails: https://github.com/rails/rails/blob/6e49cc77ab3d16c06e12f93158eaf3e507d4120e/activerecord/lib/active_record/migration.rb#L1308

sqlx-core/src/postgres/types/array.rs

@@ -112,10 +112,12 @@ where
             }
         }
 
-        buf.extend(&(self.len() as i32).to_be_bytes()); // len
+        let len = i32::try_from(self.len()).unwrap_or(i32::MAX);
+
+        buf.extend(len.to_be_bytes()); // len
         buf.extend(&1_i32.to_be_bytes()); // lower bound
 
-        for element in self.iter() {
+        for element in self.iter().take(usize::try_from(len).unwrap()) {
             buf.encode(element);
         }
 

sqlx-core/src/postgres/types/bit_vec.rs

@@ -31,9 +31,16 @@ impl PgHasArrayType for BitVec {
 
 impl Encode<'_, Postgres> for BitVec {
     fn encode_by_ref(&self, buf: &mut PgArgumentBuffer) -> IsNull {
-        buf.extend(&(self.len() as i32).to_be_bytes());
-        buf.extend(self.to_bytes());
-
+        if let Ok(len) = i32::try_from(self.len()) {
+            buf.extend(&len.to_be_bytes());
+            buf.extend_from_slice(&self.to_bytes());
+        } else {
+            debug_assert!(false, "BitVec length is too large to be encoded as i32.");
+            let len = i32::MAX;
+            buf.extend(&len.to_be_bytes());
+            let truncated = &self.to_bytes()[0..usize::try_from(i32::MAX).unwrap()];
+            buf.extend_from_slice(truncated);
+        };
         IsNull::No
     }
 
@@ -47,17 +54,18 @@ impl Decode<'_, Postgres> for BitVec {
         match value.format() {
             PgValueFormat::Binary => {
                 let mut bytes = value.as_bytes()?;
-                let len = bytes.get_i32();
-
-                if len < 0 {
-                    Err(io::Error::new(
+                let len = if let Ok(len) = usize::try_from(bytes.get_i32()) {
+                    len
+                } else {
+                    return Err(io::Error::new(
                         io::ErrorKind::InvalidData,
                         "Negative VARBIT length.",
-                    ))?
-                }
+                    )
+                    .into());
+                };
 
                 // The smallest amount of data we can read is one byte
-                let bytes_len = (len as usize + 7) / 8;
+                let bytes_len = (len + 7) / 8;
 
                 if bytes.remaining() != bytes_len {
                     Err(io::Error::new(
@@ -66,12 +74,12 @@ impl Decode<'_, Postgres> for BitVec {
                     ))?;
                 }
 
-                let mut bitvec = BitVec::from_bytes(&bytes);
+                let mut bitvec = BitVec::from_bytes(bytes);
 
                 // Chop off zeroes from the back. We get bits in bytes, so if
                 // our bitvec is not in full bytes, extra zeroes are added to
                 // the end.
-                while bitvec.len() > len as usize {
+                while bitvec.len() > len {
                     bitvec.pop();
                 }
 

sqlx-core/src/postgres/types/chrono/date.rs

@@ -23,8 +23,9 @@ impl PgHasArrayType for NaiveDate {
 impl Encode<'_, Postgres> for NaiveDate {
     fn encode_by_ref(&self, buf: &mut PgArgumentBuffer) -> IsNull {
         // DATE is encoded as the days since epoch
-        let days = (*self - NaiveDate::from_ymd_opt(2000, 1, 1).unwrap()).num_days() as i32;
-        Encode::<Postgres>::encode(&days, buf)
+        let days = i32::try_from((*self - NaiveDate::from_ymd_opt(2000, 1, 1).unwrap()).num_days())
+            .unwrap_or(i32::MAX);
+        Encode::<Postgres>::encode(days, buf)
     }
 
     fn size_hint(&self) -> usize {

sqlx-core/src/postgres/types/chrono/datetime.rs

@@ -46,7 +46,7 @@ impl Encode<'_, Postgres> for NaiveDateTime {
             .num_microseconds()
             .unwrap_or_else(|| panic!("NaiveDateTime out of range for Postgres: {:?}", self));
 
-        Encode::<Postgres>::encode(&us, buf)
+        Encode::<Postgres>::encode(us, buf)
     }
 
     fn size_hint(&self) -> usize {

sqlx-core/src/postgres/types/chrono/time.rs

@@ -26,7 +26,7 @@ impl Encode<'_, Postgres> for NaiveTime {
         // NOTE: panic! is on overflow and 1 day does not have enough micros to overflow
         let us = (*self - NaiveTime::default()).num_microseconds().unwrap();
 
-        Encode::<Postgres>::encode(&us, buf)
+        Encode::<Postgres>::encode(us, buf)
     }
 
     fn size_hint(&self) -> usize {

sqlx-core/src/postgres/types/decimal.rs

@@ -93,7 +93,7 @@ impl TryFrom<&'_ Decimal> for PgNumeric {
             });
         }
 
-        let scale = decimal.scale() as u16;
+        let scale = decimal.scale();
 
         // A serialized version of the decimal number. The resulting byte array
         // will have the following representation:
@@ -114,7 +114,7 @@ impl TryFrom<&'_ Decimal> for PgNumeric {
             let remainder = 4 - groups_diff as u32;
             let power = 10u32.pow(remainder as u32) as u128;
 
-            mantissa = mantissa * power;
+            mantissa *= power;
         }
 
         // Array to store max mantissa of Decimal in Postgres decimal format.
@@ -130,8 +130,8 @@ impl TryFrom<&'_ Decimal> for PgNumeric {
         digits.reverse();
 
         // Weight is number of digits on the left side of the decimal.
-        let digits_after_decimal = (scale + 3) as u16 / 4;
-        let weight = digits.len() as i16 - digits_after_decimal as i16 - 1;
+        let digits_after_decimal = u16::try_from(scale + 3)? / 4;
+        let weight = i16::try_from(digits.len())? - i16::try_from(digits_after_decimal)? - 1;
 
         // Remove non-significant zeroes.
         while let Some(&0) = digits.last() {
@@ -143,7 +143,7 @@ impl TryFrom<&'_ Decimal> for PgNumeric {
                 false => PgNumericSign::Positive,
                 true => PgNumericSign::Negative,
             },
-            scale: scale as i16,
+            scale: i16::try_from(scale)?,
             weight,
             digits,
         })

sqlx-core/src/postgres/types/ipnetwork.rs

@@ -19,6 +19,7 @@ const AF_INET: u8 = 2;
 const AF_INET: u8 = 0;
 
 #[cfg(unix)]
+#[allow(clippy::cast_possible_truncation)]
 const AF_INET: u8 = libc::AF_INET as u8;
 
 // https://github.com/postgres/postgres/blob/574925bfd0a8175f6e161936ea11d9695677ba09/src/include/utils/inet.h#L39