
Golang Integer Overflow

What does this mean ?

A potential integer overflow caused by converting the result of strconv.Atoi to int16 or int32. strconv.Atoi returns an int, a machine-dependent integer type that is 64 bits wide on 64-bit targets. There are places throughout the codebase where the value returned by strconv.Atoi is later converted to a smaller type, int16 or int32. For certain inputs that conversion overflows.

What can happen ?

Go's narrowing conversion performs no range check: int32(i) keeps only the low 32 bits of i, and int16(i) only the low 16. A parsed value of 2147483648 therefore silently becomes -2147483648 as an int32, and 65536 becomes 0 as an int16. Because strconv.Atoi accepted the string without error, nothing signals the overflow, and whatever the narrowed value is used for (a length, an index, a size, a port) operates on a number the caller never supplied.

Recommendation

Do not narrow an Atoi result with a bare int32(...) or int16(...) conversion. Either parse directly into the target width with strconv.ParseInt(s, 10, 32) (or bitSize 16), which returns a range error instead of a wrapped value, or run a range-checked conversion such as safecast.Int32 from github.com/rung/go-safecast before narrowing an int you already hold, and treat the error as invalid input.

Sample Code

Vulnerable :

package main

import "fmt"

func main() {
    // 2147483648 is one past math.MaxInt32; it fits in a 64-bit int.
    i := 2147483648
    // Unchecked narrowing conversion: only the low 32 bits survive, so the value wraps.
    i32 := int32(i)
    fmt.Println(i32) // -2147483648 on 64-bit targets
}

Non Vulnerable :

package main

import (
    "fmt"

    "github.com/rung/go-safecast"
)

func main() {
    i := 2147483648
    // safecast.Int32 checks that i fits in an int32 before converting
    // and returns an error instead of silently wrapping.
    i32, err := safecast.Int32(i)
    if err != nil {
        panic(err)
    }
    fmt.Println(i32)
}
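The following is an added example, not code from this page or from go-safecast, showing the standard-library form of the recommendation above: the unchecked narrowing beside strconv.ParseInt with an explicit bitSize (for both int32 and int16 targets) and a hand-written range check for code that already holds an int from strconv.Atoi. The helper names (truncatingInt32, parseInt32, parseInt16, checkedInt32) and the sample inputs are constructed for this example, and the wraparound result assumes a 64-bit int.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// truncatingInt32 is the unsafe pattern this page warns about: a plain
// conversion discards the high bits, so 2147483648 becomes -2147483648.
// It takes int64 so the demo compiles on 32-bit targets too.
func truncatingInt32(i int64) int32 {
	return int32(i)
}

// parseInt32 replaces "strconv.Atoi then int32(...)" with strconv.ParseInt
// and bitSize 32. Out-of-range input returns a *strconv.NumError that wraps
// strconv.ErrRange instead of a silently wrapped value.
func parseInt32(s string) (int32, error) {
	v, err := strconv.ParseInt(s, 10, 32)
	if err != nil {
		return 0, err
	}
	return int32(v), nil
}

// parseInt16 is the same pattern for int16 targets (bitSize 16).
func parseInt16(s string) (int16, error) {
	v, err := strconv.ParseInt(s, 10, 16)
	if err != nil {
		return 0, err
	}
	return int16(v), nil
}

// checkedInt32 is a range-checked narrowing for code that already holds an
// int (for example an existing strconv.Atoi result) and cannot easily switch
// to ParseInt. It is a standard-library stand-in for safecast.Int32.
func checkedInt32(i int) (int32, error) {
	if i < math.MinInt32 || i > math.MaxInt32 {
		return 0, fmt.Errorf("value %d out of range for int32", i)
	}
	return int32(i), nil
}

func main() {
	// Constructed inputs: the last in-range value, one past it, and one below.
	for _, s := range []string{"2147483647", "2147483648", "-2147483649"} {
		v, err := parseInt32(s)
		if err != nil {
			fmt.Printf("%s: rejected (%v; range error: %t)\n", s, err, errors.Is(err, strconv.ErrRange))
			continue
		}
		fmt.Printf("%s: ok -> %d\n", s, v)
	}

	// The same Atoi-then-narrow path, once unchecked and once checked.
	n, _ := strconv.Atoi("2147483648") // succeeds on 64-bit targets
	fmt.Printf("unchecked int32 conversion: %d\n", truncatingInt32(int64(n)))
	if _, err := checkedInt32(n); err != nil {
		fmt.Printf("checked conversion: %v\n", err)
	}
}
```

ParseInt with a bitSize already clamps and reports ErrRange, so parsing straight into the target width is the simplest fix; checkedInt32 is only for call sites where the int is already in hand. On a 32-bit target strconv.Atoi itself rejects "2147483648", which is why the narrowing bug is platform-dependent.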

References