Skip to content

Potential fix for code scanning alert no. 270: Incorrect conversion between integer types #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 15, 2025
Merged

Potential fix for code scanning alert no. 270: Incorrect conversion between integer types #27

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions sql/system_booltype.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,15 +92,21 @@
return int8(value), nil
}
case uint64:
return t.Convert(int64(value))
if value <= math.MaxInt64 {
return t.Convert(int64(value))
}
return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
case float32:
return t.Convert(float64(value))
case float64:
// Float values aren't truly accepted, but the engine will give them when it should give ints.
// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
if value == float64(int64(value)) {
if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {
return t.Convert(int64(value))
if intVal := int64(value); intVal >= math.MinInt8 && intVal <= math.MaxInt8 {

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of an unsigned 64-bit integer from
strconv.ParseUint
Loading
to a lower bit size type int64 without an upper bound check.
Incorrect conversion of an unsigned 64-bit integer from
strconv.ParseUint
Loading
to a lower bit size type int64 without an upper bound check.
Incorrect conversion of an unsigned 64-bit integer from
strconv.ParseUint
Loading
to a lower bit size type int64 without an upper bound check.
Incorrect conversion of an unsigned 64-bit integer from
strconv.ParseUint
Loading
to a lower bit size type int64 without an upper bound check.

Copilot Autofix

AI 5 months ago

To fix the issue, we need to ensure that the conversion from uint64 to int64 and subsequently to int8 is safe and does not result in unexpected values. This involves:

  1. Adding a stricter bounds check for uint64 values before converting them to int64.
  2. Ensuring that the int64 value is within the range of int8 before performing the conversion.

The changes will be made in the Convert method of the systemBoolType struct in sql/system_booltype.go.

Suggested changeset 1
sql/system_booltype.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/sql/system_booltype.go b/sql/system_booltype.go
--- a/sql/system_booltype.go
+++ b/sql/system_booltype.go
@@ -95,3 +95,7 @@
 		if value <= math.MaxInt64 {
-			return t.Convert(int64(value))
+			intVal := int64(value)
+			if intVal >= math.MinInt8 && intVal <= math.MaxInt8 {
+				return int8(intVal), nil
+			}
+			return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
 		}
EOF
@@ -95,3 +95,7 @@
if value <= math.MaxInt64 {
return t.Convert(int64(value))
intVal := int64(value)
if intVal >= math.MinInt8 && intVal <= math.MaxInt8 {
return int8(intVal), nil
}
return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
}
Copilot is powered by AI and may make mistakes. Always verify output.
return t.Convert(intVal)
}
return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
}
return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
}
Expand Down
Loading