Merged
9 changes: 5 additions & 4 deletions sql/system_settype.go
@@ -90,12 +90,13 @@
case float64:
// Float values aren't truly accepted, but the engine will give them when it should give ints.
// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
if value == float64(int64(value)) {
if value < float64(math.MinInt64) || value > float64(math.MaxInt64) {
return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {
intValue := int64(value)
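Review bot: the upper bound of the new range check, `value <= float64(math.MaxInt64)`, is not tight. math.MaxInt64 is 2^63-1, which has no exact float64 representation and rounds up to 2^63, so value == 2^63 passes the check even though it is one past the largest int64, and the result of `int64(value)` for it is implementation-dependent in Go. The round-trip check that follows (`if float64(intValue) == value`) rejects it where the conversion wraps to math.MinInt64, but where it saturates to math.MaxInt64 the round-trip compares equal (float64(math.MaxInt64) is again 2^63) and the value is silently accepted as 2^63-1. A strict upper bound, `value < float64(math.MaxInt64)`, closes this; the lower bound is exact because -2^63 is a power of two. Otherwise the reordering is the right fix: the removed `value == float64(int64(value))` performed the implementation-dependent conversion before any bound was checked, whereas the new test runs first and also rejects NaN and +/-Inf, which fail both comparisons.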

Check failure: Code scanning / CodeQL

Incorrect conversion between integer types (High)

Incorrect conversion of an unsigned 64-bit integer from strconv.ParseUint to a lower bit size type int64 without an upper bound check.

Copilot Autofix (AI, 5 months ago)

To address the issue, we need to ensure that the conversion from float64 to int64 is safe and does not allow untrusted or out-of-range values to propagate. The best approach is to add explicit bounds checks for the float64 value before performing the conversion. Additionally, we should ensure that the t.SetType.Convert(intValue) call is only executed if the value is guaranteed to be safe.

  1. Add a check to ensure that the float64 value is within the range of int64 and does not exceed the bounds of the target type.
  2. If the value is out of range or invalid, return an appropriate error or fallback value.
  3. Modify the Convert method in sql/system_settype.go to include these additional checks.

Suggested changeset 1
sql/system_settype.go

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/sql/system_settype.go b/sql/system_settype.go
--- a/sql/system_settype.go
+++ b/sql/system_settype.go
@@ -95,3 +95,6 @@
 			if float64(intValue) == value {
-				return t.SetType.Convert(intValue)
+				// Ensure the intValue is within the bounds of the target type
+				if intValue >= math.MinInt64 && intValue <= math.MaxInt64 {
+					return t.SetType.Convert(intValue)
+				}
 			}
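Review bot: the added guard `if intValue >= math.MinInt64 && intValue <= math.MaxInt64` is a tautology: intValue is already an int64, so it can never lie outside that range and the branch never rejects anything. The conversion that needs a bound is the earlier `intValue := int64(value)` on the float64, which the PR already guards with its float range check; if a tighter bound is wanted it belongs on `value` (strictly below 2^63), not on the converted integer. As written this hunk only adds dead nesting and should be dropped.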
@@ -99,2 +102,3 @@
 		return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
+		return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
 	case decimal.Decimal:
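Review bot: the added `return nil, ErrInvalidSystemVariableValue.New(t.varName, v)` directly follows an identical unconditional return, so it is unreachable; `go vet` reports it as unreachable code and it changes no behaviour. Drop the line.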
EOF
if float64(intValue) == value {
return t.SetType.Convert(intValue)
}
return t.SetType.Convert(int64(value))
}
return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
case decimal.Decimal:
f, _ := value.Float64()
return t.Convert(f)
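The conversion the new hunk introduces, carried through with its edge cases as an added example (not go-mysql-server's own code; `float64ToInt64` and `ErrOutOfRange` are assumed names): bounds on the float first, with a strict upper bound, then the round-trip check, so that NaN, +/-Inf, fractional values and 2^63 are all rejected while -2^63 is accepted.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// ErrOutOfRange is returned for floats that carry no exactly representable int64.
// Example code: ErrOutOfRange and float64ToInt64 are assumed names, not the project's.
var ErrOutOfRange = errors.New("float64 value is not an in-range integer")

// float64ToInt64 converts an integral float64 to int64 in the order the hunk
// uses: bounds on the float BEFORE converting, because int64(f) for an
// out-of-range f is implementation-dependent in Go, then a round-trip check
// that rejects fractional values.
// The upper bound is strict: math.MaxInt64 (2^63-1) has no float64 form and
// rounds up to 2^63, so "value <= float64(math.MaxInt64)" would admit 2^63.
func float64ToInt64(value float64) (int64, error) {
	// Written as a negated conjunction so that NaN, which fails every
	// comparison, is rejected along with +/-Inf and out-of-range values.
	if !(value >= float64(math.MinInt64) && value < float64(math.MaxInt64)) {
		return 0, ErrOutOfRange
	}
	intValue := int64(value) // in range: the conversion can only drop a fraction
	if float64(intValue) != value {
		return 0, ErrOutOfRange // fractional part was lost
	}
	return intValue, nil
}

func main() {
	// Constructed inputs covering the ordinary and the edge cases.
	inputs := []float64{42, -7, 2.5, math.NaN(), math.Inf(1),
		-9223372036854775808, // -2^63: the smallest int64, accepted
		9223372036854775808,  // 2^63: one past math.MaxInt64, rejected
	}
	for _, v := range inputs {
		i, err := float64ToInt64(v)
		fmt.Printf("%v -> %d, %v\n", v, i, err)
	}
}
```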