More CodeQL fixes

kittens/unicode_input/main.go

@@ -6,6 +6,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"math"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -388,17 +389,18 @@ func (self *handler) switch_mode(mode Mode) {
 
 func (self *handler) handle_hex_key_event(event *loop.KeyEvent) {
 	text := self.rl.AllText()
-	val, err := strconv.ParseUint(text, 16, 32)
+	uval, err := strconv.ParseUint(text, 16, 32)
 	new_val := -1
-	if err != nil {
+	if err != nil || uval > math.MaxInt {
 		return
 	}
+	val := int(uval)
 	if event.MatchesPressOrRepeat("tab") {
-		new_val = int(val) + 10
+		new_val = val + 10
 	} else if event.MatchesPressOrRepeat("up") {
-		new_val = int(val) + 1
+		new_val = val + 1
 	} else if event.MatchesPressOrRepeat("down") {
-		new_val = utils.Max(32, int(val)-1)
+		new_val = max(32, val-1)
 	}
 	if new_val > -1 {
 		event.Handled = true

tools/config/utils.go

@@ -11,6 +11,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"unicode/utf8"
 )
 
 var _ = fmt.Print
@@ -59,8 +60,9 @@ func StringLiteral(val string) (string, error) {
 	var state State
 	decode := func(base int) {
 		text := string(buf[:bufcount])
-		num, _ := strconv.ParseUint(text, base, 32)
-		ans.WriteRune(rune(num))
+		if num, err := strconv.ParseUint(text, base, 32); err == nil && num <= utf8.MaxRune {
+			ans.WriteRune(rune(num))
+		}
 		state = normal
 		bufcount = 0
 		buflimit = 0

tools/simdstring/generate.go

@@ -806,7 +806,7 @@ func (f *Function) SetRegisterTo(self Register, val any) {
 }
 
 func (r Register) ARMId() uint32 {
-	num, err := strconv.Atoi(r.Name[1:])
+	num, err := strconv.ParseUint(r.Name[1:], 10, 32)
 	if err != nil {
 		panic(err)
 	}

tools/tui/loop/key-encoding.go

@@ -4,6 +4,7 @@ package loop
 
 import (
 	"fmt"
+	"math"
 	"strconv"
 	"strings"
 
@@ -152,7 +153,7 @@ func KeyEventFromCSI(csi string) *KeyEvent {
 				ans[i] = missing
 			} else {
 				q, err := strconv.ParseUint(x, 10, 32)
-				if err != nil {
+				if err != nil || q > math.MaxInt32 {
 					return nil
 				}
 				ans[i] = int32(q)

tools/utils/iso8601.go

@@ -4,6 +4,7 @@ package utils
 
 import (
 	"fmt"
+	"math"
 	"strconv"
 	"strings"
 	"time"
@@ -43,7 +44,10 @@ func ISO8601Parse(raw string) (time.Time, error) {
 		text := raw[:num_digits]
 		raw = raw[num_digits:]
 		ans, err := strconv.ParseUint(text, 10, 32)
-		return int(ans), err
+		if err == nil && ans <= math.MaxInt {
+			return int(ans), nil
+		}
+		return math.MaxInt, err
 
 	}
 	optional_separator := func(x byte) bool {
@@ -77,7 +81,8 @@ func ISO8601Parse(raw string) (time.Time, error) {
 		}
 	}
 
-	var hour, minute, second, nsec int
+	var hour, minute, second int
+	var nsec int64
 
 	if len(raw) > 0 && (raw[0] == 'T' || raw[0] == ' ') {
 		raw = raw[1:]
@@ -114,7 +119,7 @@ func ISO8601Parse(raw string) (time.Time, error) {
 				if err != nil {
 					return errf("timestamp does not have a valid nanosecond field")
 				}
-				nsec = int(n)
+				nsec = int64(n)
 				for ; extra > 0; extra-- {
 					nsec *= 10
 				}
@@ -158,7 +163,7 @@ func ISO8601Parse(raw string) (time.Time, error) {
 		seconds := tzhour*3600 + tzminute*60
 		loc = time.FixedZone("", tzsign*seconds)
 	}
-	return time.Date(year, time.Month(month), day, hour, minute, second, nsec, loc), err
+	return time.Date(year, time.Month(month), day, hour, minute, second, int(nsec), loc), err
 }
 
 func ISO8601Format(x time.Time) string {

tools/utils/shlex/ansi_c_escapes.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+	"unicode/utf8"
 )
 
 var _ = fmt.Print
@@ -38,7 +39,7 @@ func is_oct_char(ch rune) bool {
 func (self *ansi_c) write_digits(base int) {
 	if self.digit_idx > 0 {
 		text := string(self.digits[:self.digit_idx])
-		if val, err := strconv.ParseUint(text, base, 32); err == nil && val <= 0x10ffff {
+		if val, err := strconv.ParseUint(text, base, 32); err == nil && val <= utf8.MaxRune {
 			self.output.WriteRune(rune(val))
 		}
 	}