From 5027d3fa44dc2027952e98a7504ef5ca49965a3f Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Mon, 1 Nov 2021 06:23:56 +0000
Subject: [PATCH] Avoid using getIntValue()

Because it does not have a result if the value is too large to fit in a 32-bit signed integer type
---
 .../semmle/go/security/IncorrectIntegerConversionLib.qll | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
index 62760a0287f..927c26500e4 100644
--- a/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
+++ b/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
@@ -143,7 +143,10 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {

 /** An upper bound check that compares a variable to a constant value. */
 class UpperBoundCheckGuard extends DataFlow::BarrierGuard, DataFlow::RelationalComparisonNode {
- UpperBoundCheckGuard() { count(expr.getAnOperand().getIntValue()) = 1 }
+ UpperBoundCheckGuard() {
+ count(expr.getAnOperand().getExactValue()) = 1 and
+ expr.getAnOperand().getType().getUnderlyingType() instanceof IntegerType
+ }

 /**
 * Gets the constant value which this upper bound check ensures the
@@ -159,7 +162,7 @@ class UpperBoundCheckGuard extends DataFlow::BarrierGuard, DataFlow::RelationalC

 override predicate checks(Expr e, boolean branch) {
 this.leq(branch, DataFlow::exprNode(e), _, _) and
- not exists(e.getIntValue())
+ not e.isConst()
 }
 }

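Review bot: In the new `UpperBoundCheckGuard()` body the two `expr.getAnOperand()` calls bind independently, so the `IntegerType` conjunct can be satisfied by a different operand than the one whose exact value is counted. This class is a barrier guard, so whatever it admits can act as a sanitizer for the conversion query, and the constraint is better stated on a single operand: `count(Expr c | c = expr.getAnOperand() and c.getType().getUnderlyingType() instanceof IntegerType | c.getExactValue()) = 1`. A short comment that `getExactValue()` is used because `getIntValue()` has no result above the 32-bit signed range would keep the reason next to the code. The doc comment at the end of this hunk suggests the bound is computed further down, outside the visible lines; that code presumably needs to read the same exact value, otherwise a guard with a large constant would be admitted here but have no bound.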
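Review bot: `checks` now excludes the constant operand with `e.isConst()`, while the constructor identifies it through `getExactValue()`; if those two tests ever disagree for an operand, the guard would either cover the constant itself or cover nothing. Using the same test in both places, `not exists(e.getExactValue())`, keeps the two predicates aligned. A comment such as `// the constant operand is the bound, not the value being checked` would document why it is excluded. The enclosing class starts outside this hunk.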