fix: gosec: add uint32 overflow check
Signed-off-by: Christian Stewart <christian@aperture.us>
paralin committed Aug 21, 2024
1 parent c638af9 commit 7945736
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions srpc/packet-rw.go
@@ -5,6 +5,7 @@ import (
"context"
"encoding/binary"
"io"
"math"
"sync"

"github.com/pkg/errors"
@@ -42,8 +43,15 @@ func (r *PacketReadWriter) WritePacket(p *Packet) error {
defer r.writeMtx.Unlock()

msgSize := p.SizeVT()

// G115: integer overflow conversion int -> uint32 (gosec)
if msgSize > math.MaxUint32 {
return errors.New("message size exceeds maximum uint32 value")
}

data := make([]byte, 4+msgSize)
binary.LittleEndian.PutUint32(data, uint32(msgSize))

Check failure on line 53 in srpc/packet-rw.go


GitHub Actions / tests (1.22, 22.x)

G115: integer overflow conversion int -> uint32 (gosec)

_, err := p.MarshalToSizedBufferVT(data[4:])
if err != nil {
return err
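Review bot: The new guard `if msgSize > math.MaxUint32 {` compares an `int` with an untyped constant that does not fit in a 32-bit `int`, so on 32-bit targets (for example GOARCH=386 or arm) this line should be rejected by the compiler as a constant overflow. Widening the operand first keeps the check portable: `if int64(msgSize) > math.MaxUint32 {`. Separately, the guard only stops the 4-byte length prefix from being truncated; it still permits a single allocation of roughly 4 GiB in `make([]byte, 4+msgSize)`, so if the reading side enforces a smaller maximum packet size (not visible in this hunk), checking against that same limit here would fail earlier and keep both ends of the framing consistent. WritePacket begins before and continues after the hunk.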
