Merge pull request #29 from trimble-oss/alert-autofix-274

joel-rieke · web-flow · commit d965129b722c · 2025-07-15T13:39:27.000-07:00
Potential fix for code scanning alert no. 274: Incorrect conversion between integer types
diff --git a/sql/expression/bit_ops.go b/sql/expression/bit_ops.go
@@ -189,6 +189,9 @@ func convertUintFromInt(n int64) uint64 {
 	if err != nil {
 		return 0
 	}
+	if uintVal > math.MaxInt64 {
+		return 0 // Out of range for int64
+	}
 	return uintVal
 }
 
diff --git a/sql/system_booltype.go b/sql/system_booltype.go
@@ -103,10 +103,10 @@ func (t systemBoolType) Convert(v interface{}) (interface{}, error) {
 		// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
 		if value == float64(int64(value)) {
 			if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {
-				if intVal := int64(value); intVal >= math.MinInt8 && intVal <= math.MaxInt8 {
-					return t.Convert(intVal)
+				intVal := int64(value)
+				if intVal >= math.MinInt8 && intVal <= math.MaxInt8 {
+					return int8(intVal), nil
 				}
-				return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
 			}
 			return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
 		}
diff --git a/sql/system_inttype.go b/sql/system_inttype.go
@@ -15,6 +15,7 @@
 package sql
 
 import (
+	"math"
 	"reflect"
 	"strconv"
 
@@ -98,7 +99,13 @@ func (t systemIntType) Convert(v interface{}) (interface{}, error) {
 		// Float values aren't truly accepted, but the engine will give them when it should give ints.
 		// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
 		if value == float64(int64(value)) {
-			return t.Convert(int64(value))
+			if value >= float64(t.lowerbound) && value <= float64(t.upperbound) {
+				if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {
+					intVal := int64(value)
+					return t.Convert(intVal)
+				}
+			}
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
 		}
 	case decimal.Decimal:
 		f, _ := value.Float64()
diff --git a/sql/system_uinttype.go b/sql/system_uinttype.go
@@ -88,13 +88,15 @@ func (t systemUintType) Convert(v interface{}) (interface{}, error) {
 		if value >= t.lowerbound && value <= t.upperbound {
 			return value, nil
 		}
-	case float32:
-		return t.Convert(float64(value))
 	case float64:
 		// Float values aren't truly accepted, but the engine will give them when it should give ints.
 		// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
 		if value == float64(uint64(value)) {
-			return t.Convert(uint64(value))
+			if value >= float64(t.lowerbound) && value <= float64(t.upperbound) {
+				uintVal := uint64(value)
+				return t.Convert(uintVal)
+			}
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
 		}
 	case decimal.Decimal:
 		f, _ := value.Float64()

Original file line number	Diff line number	Diff line change
`@@ -189,6 +189,9 @@ func convertUintFromInt(n int64) uint64 {`
`189`	`189`	`if err != nil {`
`190`	`190`	`return 0`
`191`	`191`	`}`
	`192`	`+ if uintVal > math.MaxInt64 {`
	`193`	`+ return 0 // Out of range for int64`
	`194`	`+ }`
`192`	`195`	`return uintVal`
`193`	`196`	`}`
`194`	`197`
Original file line number	Diff line number	Diff line change
`@@ -103,10 +103,10 @@ func (t systemBoolType) Convert(v interface{}) (interface{}, error) {`
`103`	`103`	`// Therefore, if the float doesn't have a fractional portion, we treat it as an int.`
`104`	`104`	`if value == float64(int64(value)) {`
`105`	`105`	`if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {`
`106`		`- if intVal := int64(value); intVal >= math.MinInt8 && intVal <= math.MaxInt8 {`
`107`		`- return t.Convert(intVal)`
	`106`	`+ intVal := int64(value)`
	`107`	`+ if intVal >= math.MinInt8 && intVal <= math.MaxInt8 {`
	`108`	`+ return int8(intVal), nil`
`108`	`109`	`}`
`109`		`- return nil, ErrInvalidSystemVariableValue.New(t.varName, v)`
`110`	`110`	`}`
`111`	`111`	`return nil, ErrInvalidSystemVariableValue.New(t.varName, v)`
`112`	`112`	`}`