Draft
Conversation
# Conflicts: # consensus/spos/bls/constants.go # consensus/spos/consensusMessageValidator.go # go.mod # go.sum # process/block/metablock.go
# Conflicts: # go.mod # go.sum
# Conflicts: # process/sync/baseForkDetector.go
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if roundsPerEpochUint < minRoundModulus { | ||
| log.Warn("epochfastforward rounds per epoch too small", "rounds", roundsPerEpoch, "minRoundModulus", minRoundModulus) | ||
| roundsPerEpochUint = minRoundModulus | ||
| } |
Check failure
Code scanning / CodeQL
Incorrect conversion between integer types High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
To fix this issue, we must ensure that the value parsed for epochs does not exceed the range (upper and lower bounds) of the destination type (int) before casting.
- The safest route is to check if
epochsis within[0, math.MaxInt)(or, guard negative values, or make a stricter minimum if negative values are not allowed) and less than or equal tomath.MaxInt(from themathpackage). - If out of bounds, the code can log an error and either return or clip
epochsto a safe value (like 0), depending on desired semantics. - The change will be in the
epochsFastForwardfunction. We'll need to import themathpackage (already imported). - Edit the block to add a bounds check for
epochsbefore casting toint, and assign a default value (0) or exit early with a warning if out of bounds.
Suggested changeset
1
process/block/metablock.go
| @@ -2810,11 +2810,13 @@ | ||
| epochs, err := strconv.ParseInt(tokens[1], 10, 64) | ||
| if err != nil { | ||
| log.Error("epochfastforward", "epochs could not be parsed", tokens[1]) | ||
| return | ||
| } | ||
|
|
||
| roundsPerEpoch, err := strconv.ParseInt(tokens[2], 10, 64) | ||
| if err != nil { | ||
| log.Error("epochfastforward", "rounds could not be parsed", tokens[2]) | ||
| return | ||
| } | ||
| roundsPerEpochUint := uint64(roundsPerEpoch) | ||
|
|
||
| @@ -2823,6 +2820,10 @@ | ||
| roundsPerEpochUint = minRoundModulus | ||
| } | ||
|
|
||
| if epochs < 0 || epochs > int64(^uint(0)>>1) { | ||
| log.Error("epochfastforward", "epochs value out of int bounds", epochs) | ||
| return | ||
| } | ||
| mp.nrEpochsChanges = int(epochs) | ||
| mp.roundsModulus = roundsPerEpochUint | ||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
|
❌ Integration Tests completed with failures or errors. 📊 MultiversX Automated Test Report: View Report 🔄 Build Details:
🚀 Environment Variables:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reasoning behind the pull request
Proposed changes
Testing procedure
Pre-requisites
Based on the Contributing Guidelines the PR author and the reviewers must check the following requirements are met:
featbranch created?featbranch merging, do all satellite projects have a proper tag insidego.mod?