From 5cd19d1fecec5e1b2345032e4614e24d1d8a1f3c Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Sat, 24 Oct 2020 01:24:08 +0200
Subject: [PATCH] opts: fix potential integer overflow CWE-190, CWE-681 Caught by CodeQL:
> Incorrect conversion of an integer with architecture-dependent bit size
> from strconv.ParseUint to a lower bit size type uint16 without an upper
> bound check.
fixes https://github.com/docker/cli/security/code-scanning/2
Signed-off-by: Sebastiaan van Stijn
---
 opts/weightdevice.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/opts/weightdevice.go b/opts/weightdevice.go
index 46ce9b6567..f8057d0fb7 100644
--- a/opts/weightdevice.go
+++ b/opts/weightdevice.go
@@ -20,7 +20,7 @@ func ValidateWeightDevice(val string) (*blkiodev.WeightDevice, error) {
 if !strings.HasPrefix(split[0], "/dev/") {
 return nil, fmt.Errorf("bad format for device path: %s", val)
 }
- weight, err := strconv.ParseUint(split[1], 10, 0)
+ weight, err := strconv.ParseUint(split[1], 10, 16)
 if err != nil {
 return nil, fmt.Errorf("invalid weight for device: %s", val)
 }
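Review bot: The new `strconv.ParseUint(split[1], 10, 16)` call is only safe while its bit size matches the type the weight is later converted to, and nothing at the call site records that; a short comment such as `// bitSize 16 matches the uint16 weight field, so ParseUint returns a range error instead of the later conversion truncating` would keep the two from drifting apart. The conversion itself is outside this hunk (the commit message names uint16), so that coupling is inferred rather than visible here. The diffstat shows only opts/weightdevice.go changed, so no test pins the new behaviour; a test case for ValidateWeightDevice with a weight above 65535 that expects the `invalid weight for device` error would guard against a regression. ValidateWeightDevice starts and ends outside the hunk.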