Skip to content

feat: Update swift-syntax version #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 24, 2023
Merged

feat: Update swift-syntax version #3

merged 1 commit into from
Sep 24, 2023

Conversation

maximkrouk
Copy link
Contributor

swift-syntax update from 509.0.0-swift-DEVELOPMENT-SNAPSHOT-2023-08-15-a (beta) to 509.0.0

@stackotter stackotter merged commit 41cc7a1 into stackotter:main Sep 24, 2023
@stackotter
Copy link
Owner

Thanks for the PR 👌 I hadn’t seen that a release had been made yet

stackotter pushed a commit that referenced this pull request Dec 27, 2024
@supervacuus
fix: remove a potential overflow before conversion (#1062)
a0663a6 
* fix: remove a potential overflow before conversion

This is in response to CodeQL security scan alert #1-#3.

`Elf[32|64]_Ehdr[.e_phnum|.e_phentsize|.e_shnum|.e_shentsize]` are all `uint16_t`, this means the loop-var `i` is bounded by `uint16_t` and should fit in a `uint32_t` (to prevent unsigned overflow in the loop). A switch to unsigned still makes sense, because we reduce the future chance of unnecessary signed overflow (=UB) in the loop body.

All program/section-header table entry sizes are cast to `uin64_t` even though the multiplication is bound to `uint32_t` by both factors being bound by `uint16_t`. This fixes the potential overflow before conversion to the bigger type.

* also safely cast the access to section header string table.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maximkrouk @stackotter