Skip to content

Potential fix for code scanning alert no. 271: Incorrect conversion between integer types #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jul 15, 2025
Merged

Potential fix for code scanning alert no. 271: Incorrect conversion between integer types #28

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c69b562
Potential fix for code scanning alert no. 271: Incorrect conversion b…
joel-rieke Jul 15, 2025
35fd5cb
Potential fix for code scanning alert no. 275: Incorrect conversion b…
joel-rieke Jul 15, 2025
be1798b
Remove duplicate line. Thanks gobot
joel-rieke Jul 15, 2025
be618c2
Remove another duplicate
joel-rieke Jul 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions sql/system_settype.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,12 +91,15 @@
// Float values aren't truly accepted, but the engine will give them when it should give ints.
// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {
intValue := int64(value)
if float64(intValue) == value {
if math.Trunc(value) == value { // Ensure no fractional part exists
if value < 0 || value > math.MaxInt64 { // Additional bounds check
return nil, ErrInvalidSystemVariableValue.New(t.varName, v) // Reject out-of-range values
}
intValue := int64(value)

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of an unsigned 64-bit integer from
strconv.ParseUint
Loading
to a lower bit size type int64 without an upper bound check.
Incorrect conversion of an unsigned 64-bit integer from
strconv.ParseUint
Loading
to a lower bit size type int64 without an upper bound check.
Incorrect conversion of an unsigned 64-bit integer from
strconv.ParseUint
Loading
to a lower bit size type int64 without an upper bound check.

Copilot Autofix

AI 5 months ago

The issue can be fixed by explicitly rejecting values that exceed the valid range of int64 when interpreted as signed integers. Additionally, the code can clarify its intent by distinguishing between signed and unsigned conversions, ensuring no ambiguity or misuse occurs.

  1. Update the Convert function to include more explicit checks for float64 to int64 conversion.
  2. Make the boundary checks explicit and ensure they are tailored to the type being converted (int64 in this case).
  3. Return an appropriate error if the value is out of bounds.

The changes will improve code clarity and ensure that boundary conditions are adequately addressed.

Suggested changeset 1
sql/system_settype.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/sql/system_settype.go b/sql/system_settype.go
--- a/sql/system_settype.go
+++ b/sql/system_settype.go
@@ -92,10 +92,10 @@
 		// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
 		if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {
 			if math.Trunc(value) == value { // Ensure no fractional part exists
-				if value < 0 || value > math.MaxInt64 { // Additional bounds check
+				intValue := int64(value)
+				if intValue < math.MinInt64 || intValue > math.MaxInt64 { // Explicit bounds check
 					return nil, ErrInvalidSystemVariableValue.New(t.varName, v) // Reject out-of-range values
 				}
-				intValue := int64(value)
 				return t.SetType.Convert(intValue)
 			}
 		}
EOF
@@ -92,10 +92,10 @@
// Therefore, if the float doesn't have a fractional portion, we treat it as an int.
if value >= float64(math.MinInt64) && value <= float64(math.MaxInt64) {
if math.Trunc(value) == value { // Ensure no fractional part exists
if value < 0 || value > math.MaxInt64 { // Additional bounds check
intValue := int64(value)
if intValue < math.MinInt64 || intValue > math.MaxInt64 { // Explicit bounds check
return nil, ErrInvalidSystemVariableValue.New(t.varName, v) // Reject out-of-range values
}
intValue := int64(value)
return t.SetType.Convert(intValue)
}
}
Copilot is powered by AI and may make mistakes. Always verify output.
return t.SetType.Convert(intValue)
}
}
return nil, ErrInvalidSystemVariableValue.New(t.varName, v)
return nil, ErrInvalidSystemVariableValue.New(t.varName, v) // Reject out-of-range values
case decimal.Decimal:
f, _ := value.Float64()
return t.Convert(f)
Expand Down
Loading