Merge pull request #1057 from jfcg/master

CodeQL & fixes

Author: otan

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,26 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: 'go'
+
+    - name: CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

array.go

@@ -587,8 +587,8 @@ func (a *Int32Array) scanBytes(src []byte) error {
 	} else {
 		b := make(Int32Array, len(elems))
 		for i, v := range elems {
-			var x int
-			if x, err = strconv.Atoi(string(v)); err != nil {
+			x, err := strconv.ParseInt(string(v), 10, 32)
+			if err != nil {
 				return fmt.Errorf("pq: parsing array element index %d: %v", i, err)
 			}
 			b[i] = int32(x)

encode.go

@@ -559,7 +559,7 @@ func parseBytea(s []byte) (result []byte, err error) {
 				if len(s) < 4 {
 					return nil, fmt.Errorf("invalid bytea sequence %v", s)
 				}
-				r, err := strconv.ParseInt(string(s[1:4]), 8, 9)
+				r, err := strconv.ParseUint(string(s[1:4]), 8, 8)
 				if err != nil {
 					return nil, fmt.Errorf("could not parse bytea value: %s", err.Error())
 				}