fix: incorrect conversion between integer types #2605

Merged: 7 commits, Feb 7, 2024

@spiffcs spiffcs commented Feb 7, 2024

Summary

If a string is parsed into an int using strconv.Atoi, and subsequently that int is converted into another integer type of a smaller size, the result can produce unexpected values.

This PR adds an upper/lower bound check for the int when converting down to int32 as the file.Mode.

https://pkg.go.dev/os#FileMode <-- Points to fs.FileMode
https://pkg.go.dev/io/fs#FileMode <-- fs.FileMode

if a string is parsed into an int using strconv.Atoi,
and subsequently that int is converted into another integer type of a smaller size,
the result can produce unexpected values.

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs spiffcs enabled auto-merge (squash) February 7, 2024 20:31
@spiffcs spiffcs merged commit bd0cb91 into main Feb 7, 2024
11 checks passed
@spiffcs spiffcs deleted the incorrect-conversion-between-integer-types branch February 7, 2024 20:41
@wagoodman wagoodman added the bug Something isn't working label Feb 7, 2024
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
* chore: match strconv.ParseInt to file mode type

if a string is parsed into an int using strconv.Atoi,
and subsequently that int is converted into another integer type of a smaller size,
the result can produce unexpected values.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
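
The narrowing problem the PR summary describes, as an added Go example that is not code from this PR or from syft. The function names and the input string are constructed for illustration, and a 64-bit `int` is assumed.

```go
package main

import (
	"fmt"
	"io/fs"
	"math"
	"strconv"
)

// narrowUnchecked: Atoi returns a platform-sized int (64-bit assumed here);
// converting it to int32 silently discards the high bits.
func narrowUnchecked(s string) (int32, error) {
	n, err := strconv.Atoi(s)
	if err != nil {
		return 0, err
	}
	return int32(n), nil
}

// narrowChecked applies an upper/lower bound check before converting down.
func narrowChecked(s string) (int32, error) {
	n, err := strconv.Atoi(s)
	if err != nil {
		return 0, err
	}
	if n < math.MinInt32 || n > math.MaxInt32 {
		return 0, fmt.Errorf("mode %d does not fit in int32", n)
	}
	return int32(n), nil
}

// narrowSized asks the parser for a 32-bit result, so out-of-range input
// fails with strconv.ErrRange instead of wrapping.
func narrowSized(s string) (int32, error) {
	n, err := strconv.ParseInt(s, 10, 32)
	if err != nil {
		return 0, err
	}
	return int32(n), nil
}

func main() {
	const in = "4294967716" // constructed input: 1<<32 + 420
	v, _ := narrowUnchecked(in)
	fmt.Println(v, fs.FileMode(v)) // wrapped value reads as an ordinary mode
	_, err := narrowChecked(in)
	fmt.Println("bounds check:", err)
	_, err = narrowSized(in)
	fmt.Println("ParseInt(…, 32):", err)
}
```

The constructed input is far outside the int32 range, yet the unchecked path returns a value that looks like a normal permission set, which is why the truncation is easy to miss in review.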