Sf 1.11.0 #7484
Sf 1.11.0 #7484
Conversation
# Conflicts: # consensus/spos/bls/constants.go # consensus/spos/consensusMessageValidator.go # go.mod # go.sum # process/block/metablock.go
# Conflicts: # go.mod # go.sum
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| roundsPerEpochUint = minRoundModulus | ||
| } | ||
|
|
||
| mp.nrEpochsChanges = int(epochs) |
Check failure
Code scanning / CodeQL
Incorrect conversion between integer types High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 1 month ago
The correct way to fix this is to ensure that the int64 value (epochs) is within the representable range for the type we're converting to (int) before the conversion takes place. This can be done by explicitly checking that epochs is between math.MinInt and math.MaxInt. If the bounds are violated, the application should either reject the input (log an error and do not apply the mutation), or fallback to a default safe value/behavior. To implement this, import the math package if it is not already present (it is), and insert a conditional check before assigning to mp.nrEpochsChanges. This check should act as a guard, such that if epochs is out of bounds, mp.nrEpochsChanges is not updated and a warning or error is logged.
| @@ -2821,6 +2821,11 @@ | ||
| roundsPerEpochUint = minRoundModulus | ||
| } | ||
|
|
||
| // Ensure epochs can safely fit into int before assignment | ||
| if epochs < int64(math.MinInt) || epochs > int64(math.MaxInt) { | ||
| log.Error("epochfastforward", "epochs value out of int bounds", epochs) | ||
| return | ||
| } | ||
| mp.nrEpochsChanges = int(epochs) | ||
| mp.roundsModulus = roundsPerEpochUint | ||
|
|
Reasoning behind the pull request
Proposed changes
Testing procedure
Pre-requisites
Based on the Contributing Guidelines the PR author and the reviewers must check the following requirements are met:
featbranch created?featbranch merging, do all satellite projects have a proper tag insidego.mod?