[code-scanning-fix] Fix go/incorrect-integer-conversion: integer truncation in stableHash#42696
Conversation
…onversion) Fixes CodeQL alert #637 (high severity). The stableHash function was converting the architecture-dependent int parameter 'modulo' to uint32 before performing the modulo operation. On 64-bit platforms where int is 64 bits wide, values exceeding math.MaxUint32 (~4.3 billion) would be silently truncated, producing an incorrect hash bucket. Replace the uint32(modulo) cast with int64 arithmetic to keep full precision: return int(int64(h.Sum32()) % int64(modulo)) Also add a modulo <= 0 guard to prevent a divide-by-zero panic if a caller ever passes a non-positive modulus. CWE-681: Incorrect Conversion between Numeric Types Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
|
Great catch on the One thing to shore up before merge:
If you'd like a hand, you can assign this prompt to your coding agent:
|
|
🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅ |
|
✅ PR Code Quality Reviewer completed the code quality review. |
|
✅ Test Quality Sentinel completed test quality analysis. No test files were added or modified in this PR. Test Quality Sentinel skipped. |
|
✅ Design Decision Gate 🏗️ completed the design decision gate check. No ADR enforcement needed: PR #42696 does not have the 'implementation' label and has only 6 new lines of code in business logic directories (threshold: 100). |
There was a problem hiding this comment.
Pull request overview
Fixes a high-severity CodeQL alert in the schedule scattering logic by removing an unsafe integer conversion in stableHash, ensuring correct modulo behavior even when modulo exceeds math.MaxUint32 on 64-bit platforms.
Changes:
- Added a
modulo <= 0guard to prevent modulo-by-zero panics. - Replaced
uint32(modulo)modulo arithmetic withint64arithmetic to avoid truncation on 64-bit systems.
Show a summary per file
| File | Description |
|---|---|
| pkg/parser/schedule_fuzzy_scatter.go | Fixes integer truncation in stableHash by switching to int64 modulo arithmetic and guarding non-positive modulus values. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 1
- Review effort level: Low
There was a problem hiding this comment.
Review: Fix go/incorrect-integer-conversion in stableHash
The fix correctly addresses the CodeQL alert (CWE-681) with two improvements:
-
Type safety: Replaces
uint32(modulo)withint64arithmetic —int64(h.Sum32()) % int64(modulo)— preserving full precision on 64-bit platforms wheremodulocould exceedmath.MaxUint32. -
Defensive guard: Adds
modulo <= 0check before the division to prevent a divide-by-zero panic.
Correctness: All existing callers pass small positive values (e.g., len(slice), constants like 7, 50, 120), so behavior is unchanged for current usage.
Note: int64(h.Sum32()) converts a uint32 value (always non-negative) to int64, which is always safe. The final int() cast is safe because the modulo result is in [0, modulo) and modulo fits in int.
The fix is minimal, correct, and appropriate.
🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 22.8 AIC · ⌖ 6.41 AIC · ⊞ 4.9K
There was a problem hiding this comment.
Skills-Based Review 🧠
Applied /diagnosing-bugs and /tdd — requesting changes on test coverage gaps.
📋 Key Themes & Highlights
Key Themes
- Missing regression test for the CVE path: The vulnerability-triggering path (
modulo > math.MaxUint32) is not exercised in the test suite. A future refactor could silently reintroduce the bug. - New guard branch not tested: The
modulo <= 0guard (zero/negative) is a sound defensive addition but has zero test coverage, leaving the new branch unspecified.
Positive Highlights
- ✅ Correct root-cause fix: using
int64intermediate arithmetic cleanly sidesteps the truncation on all platforms - ✅ Inline comment clearly explains why
int64is used and when it matters (64-bit platforms) - ✅ Defensive
modulo <= 0guard eliminates a latent panic that was present before - ✅ No behavioral change for existing callers (all pass small positive values ≤120)
🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 37.6 AIC · ⌖ 7.58 AIC · ⊞ 6.6K
Comment /matt to run again
There was a problem hiding this comment.
🔎 Code quality review by PR Code Quality Reviewer · 60.5 AIC · ⌖ 8.57 AIC · ⊞ 1.6K
Comment /review to run again
|
@copilot run pr-finisher skill |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Uh oh!
There was an error while loading. Please reload this page.