I have found these related issues/pull requests
N/A
Description
Recently, I ran Claude Code across several projects(like image-rs, lofty of symphonia) to look for potential issues.
In this projects, a significant portion of reported findings turned out to be incorrect or minor false positives, but a non-trivial subset was valid and included real issues ranging from incorrect comments to actual logic bugs. As a result, the findings generally require manual validation to separate noise from actionable problems.
Full Reports (findings-interactive.html - interactive report view for manual inspection, findings-short.md - compact list ready to copy into GitHub, findings-table.html - compact tabular report version):
findings-interactive.html
findings-short.md
findings-table.html
Example findings (this is only a subset of the findings, specifically those most likely to be actual bugs; for the full list, see the reports above):
=================================
CPY_4 LOW
Description: The max_branch_id computation lists self.branch_results.last_index() twice and never consults self.branch_origins.last_index(). A branch id appearing only in branch_origins is under-counted and omitted from the rendered query-plan graph. Impact is limited to the diagnostic EXPLAIN graph (only active under sqlx::explain TRACE logging).
Locations:
sqlx-sqlite/src/logger.rs:224-231
224 | let max_branch_id: i64 = [
225 | self.branch_operations.last_index().unwrap_or(0),
226 | self.branch_results.last_index().unwrap_or(0),
227 | self.branch_results.last_index().unwrap_or(0),
228 | ]
229 | .into_iter()
230 | .max()
231 | .unwrap_or(0);
Fix: Replace the duplicated third entry with self.branch_origins.last_index().unwrap_or(0).
CMT_3 NEGLIGIBLE
Description: The doc comment is truncated (ends with a comma) and wrong: it says the function returns true only when val is "true", but the body also returns true for "1" and is case-insensitive.
Locations:
sqlx-macros-core/src/query/metadata.rs:159-162
159 | /// Returns `true` if `val` is `"true"`,
160 | fn is_truthy_bool(val: &str) -> bool {
161 | val.eq_ignore_ascii_case("true") || val == "1"
162 | }
Fix: Fix the comment, e.g. "Returns true if val is "true" (case-insensitive) or "1".".
LOGIC_1 HIGH
Description: In AnyArguments::convert_into, the NULL float type mappings are swapped: AnyTypeInfoKind::Real (which is f32) is encoded as Option::<f64>::None, and Double (which is f64) as Option::<f32>::None. Binding a NULL f32/f64 through the Any driver sends the wrong SQL type hint, which can produce a type-mismatch error on strongly-typed backends like Postgres.
Locations:
sqlx-core/src/any/arguments.rs:70-71
70 | AnyValueKind::Null(AnyTypeInfoKind::Real) => out.add(Option::<f64>::None),
71 | AnyValueKind::Null(AnyTypeInfoKind::Double) => out.add(Option::<f32>::None),
Fix: Swap the two arms: Real => out.add(Option::<f32>::None) and Double => out.add(Option::<f64>::None).
LOGIC_2 HIGH
Description: AnyConnection::close_hard forwards to self.backend.close() (the graceful close) instead of self.backend.close_hard(). The AnyConnectionBackend trait defines a distinct close_hard (backend.rs:23) meant to close immediately without the graceful shutdown handshake, so callers requesting a hard close silently get a full graceful close.
Locations:
sqlx-core/src/any/connection/mod.rs:103-105
103 | fn close_hard(self) -> impl Future<Output = Result<(), Error>> + Send + 'static {
104 | self.backend.close()
105 | }
sqlx-core/src/any/connection/backend.rs:19-23
19 | /// Immediately close the connection without sending a graceful shutdown.
20 | ///
21 | /// This should still at least send a TCP `FIN` frame to let the server know we're dying.
22 | #[doc(hidden)]
23 | fn close_hard(self: Box<Self>) -> BoxFuture<'static, crate::Result<()>>;
Fix: Call self.backend.close_hard() in close_hard.
LOGIC_3 HIGH
Description: MySqlTime::is_negative() returns self.sign.is_positive() — inverted. It returns true for positive values and false for negative ones, and is byte-for-byte identical to is_positive() just above it. Any caller relying on is_negative() gets the opposite of the truth.
Locations:
sqlx-mysql/src/types/mysql_time.rs:209-217
209 | /// Returns `true` if `self` is positive or zero, `false` if negative.
210 | pub fn is_positive(&self) -> bool {
211 | self.sign.is_positive()
212 | }
213 |
214 | /// Returns `true` if `self` is negative, `false` if positive or zero.
215 | pub fn is_negative(&self) -> bool {
216 | self.sign.is_positive()
217 | }
Fix: Change the body to self.sign.is_negative().
Reproduction steps
N/A
SQLx version
Git
Enabled SQLx features
N/A
Database server and version
N/A
Operating system
N/A
Rust version
N/A
I have found these related issues/pull requests
N/A
Description
Recently, I ran Claude Code across several projects(like image-rs, lofty of symphonia) to look for potential issues.
In this projects, a significant portion of reported findings turned out to be incorrect or minor false positives, but a non-trivial subset was valid and included real issues ranging from incorrect comments to actual logic bugs. As a result, the findings generally require manual validation to separate noise from actionable problems.
Full Reports (
findings-interactive.html- interactive report view for manual inspection,findings-short.md- compact list ready to copy into GitHub,findings-table.html- compact tabular report version):findings-interactive.html
findings-short.md
findings-table.html
Example findings (this is only a subset of the findings, specifically those most likely to be actual bugs; for the full list, see the reports above):
=================================
CPY_4
LOWDescription: The
max_branch_idcomputation listsself.branch_results.last_index()twice and never consultsself.branch_origins.last_index(). A branch id appearing only inbranch_originsis under-counted and omitted from the rendered query-plan graph. Impact is limited to the diagnostic EXPLAIN graph (only active undersqlx::explainTRACE logging).Locations:
Fix: Replace the duplicated third entry with
self.branch_origins.last_index().unwrap_or(0).CMT_3
NEGLIGIBLEDescription: The doc comment is truncated (ends with a comma) and wrong: it says the function returns
trueonly whenvalis"true", but the body also returnstruefor"1"and is case-insensitive.Locations:
Fix: Fix the comment, e.g. "Returns true if val is "true" (case-insensitive) or "1".".
LOGIC_1
HIGHDescription: In
AnyArguments::convert_into, the NULL float type mappings are swapped:AnyTypeInfoKind::Real(which isf32) is encoded asOption::<f64>::None, andDouble(which isf64) asOption::<f32>::None. Binding a NULLf32/f64through theAnydriver sends the wrong SQL type hint, which can produce a type-mismatch error on strongly-typed backends like Postgres.Locations:
Fix: Swap the two arms:
Real => out.add(Option::<f32>::None)andDouble => out.add(Option::<f64>::None).LOGIC_2
HIGHDescription:
AnyConnection::close_hardforwards toself.backend.close()(the graceful close) instead ofself.backend.close_hard(). TheAnyConnectionBackendtrait defines a distinctclose_hard(backend.rs:23) meant to close immediately without the graceful shutdown handshake, so callers requesting a hard close silently get a full graceful close.Locations:
Fix: Call
self.backend.close_hard()inclose_hard.LOGIC_3
HIGHDescription:
MySqlTime::is_negative()returnsself.sign.is_positive()— inverted. It returnstruefor positive values andfalsefor negative ones, and is byte-for-byte identical tois_positive()just above it. Any caller relying onis_negative()gets the opposite of the truth.Locations:
Fix: Change the body to
self.sign.is_negative().Reproduction steps
N/A
SQLx version
Git
Enabled SQLx features
N/A
Database server and version
N/A
Operating system
N/A
Rust version
N/A