[DO NOT MERGE] SF 2.0 #7597
[DO NOT MERGE] SF 2.0 #7597
Conversation
# Conflicts: # common/common.go # common/configs/processConfigs.go # epochStart/metachain/trigger.go # process/block/metablock.go
# Conflicts: # common/interface.go # factory/core/coreComponents.go # testscommon/processConfigsHandlerStub.go
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| roundsPerEpochUint = minRoundModulus | ||
| } | ||
|
|
||
| mp.nrEpochsChanges = int(epochs) |
Check failure
Code scanning / CodeQL
Incorrect conversion between integer types High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 4 days ago
In general, the fix is to avoid converting a parsed int64 to a smaller integer type without bounding it first. Either parse directly with the bit size of the destination type, or clamp/check the value before conversion. Here we must keep the existing interface and behavior, so we will add validation around epochs before assigning it to mp.nrEpochsChanges.
Concretely, in epochsFastForward we should (1) ensure epochs is non‑negative, since a negative number of epoch changes makes no sense and would cause nrEpochsChanges to be negative; and (2) ensure epochs is not larger than math.MaxInt so that casting to int is safe on all platforms. If the value is out of bounds, we’ll log and return early without modifying nrEpochsChanges or roundsModulus (similar to how other parse errors are handled). We already import math/big but not math; we will add an import of the standard math package and use math.MaxInt as the upper bound. The only changes are: add math to the imports and update the body of epochsFastForward around the use of epochs and the assignment to mp.nrEpochsChanges.
| @@ -5,6 +5,7 @@ | ||
| "encoding/hex" | ||
| "errors" | ||
| "fmt" | ||
| "math" | ||
| "math/big" | ||
| "strconv" | ||
| "strings" | ||
| @@ -2921,11 +2922,17 @@ | ||
| epochs, err := strconv.ParseInt(tokens[1], 10, 64) | ||
| if err != nil { | ||
| log.Error("epochfastforward", "epochs could not be parsed", tokens[1]) | ||
| return | ||
| } | ||
| if epochs < 0 || epochs > int64(math.MaxInt) { | ||
| log.Error("epochfastforward", "epochs out of allowed range", epochs) | ||
| return | ||
| } | ||
|
|
||
| roundsPerEpoch, err := strconv.ParseInt(tokens[2], 10, 64) | ||
| if err != nil { | ||
| log.Error("epochfastforward", "rounds could not be parsed", tokens[2]) | ||
| return | ||
| } | ||
| roundsPerEpochUint := uint64(roundsPerEpoch) | ||
|
|
# Conflicts: # common/common.go # factory/core/coreComponents.go
3 participants
Reasoning behind the pull request
Proposed changes
Testing procedure
Pre-requisites
Based on the Contributing Guidelines the PR author and the reviewers must check the following requirements are met:
featbranch created?featbranch merging, do all satellite projects have a proper tag insidego.mod?