Fix code scanning alert - Incorrect conversion between integer types

Fantom-foundation / Aida

Aida is a block-processing testing infrastructure for EVM-compatible chains.

GNU Lesser General Public License v3.0

4 stars 12 forks source link

Fix code scanning alert - Incorrect conversion between integer types #1109

Closed wsodsong closed 3 months ago

wsodsong commented 3 months ago

Tracking issue for:

[ ] https://github.com/Fantom-foundation/Aida/security/code-scanning/1
[ ] https://github.com/Fantom-foundation/Aida/security/code-scanning/2

rpl-ffl commented 3 months ago

Incoming string range 0-2**64, but converted to int32 eventually.

https://codeql.github.com/codeql-query-help/go/go-incorrect-integer-conversion/

func parseAllocateGood4(wanted string) int32 {
    parsed, err := strconv.ParseInt(wanted, 10, 64)
    if err != nil {
        panic(err)
    }
    // GOOD: check for lower and uppper bounds
    if parsed > 0 && parsed <= math.MaxInt32 {
        return int32(parsed)
    }
    return DefaultAllocate
}