fix panic in prepared sql

jackc · Dec 2, 2023 · 319c317 · 319c317
1 parent 4678e69
commit 319c317
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/internal/sanitize/sanitize.go b/internal/sanitize/sanitize.go
@@ -35,6 +35,11 @@ func (q *Query) Sanitize(args ...any) (string, error) {
 			str = part
 		case int:
 			argIdx := part - 1
+
+			if argIdx < 0 {
+				return "", fmt.Errorf("first sql argument must be > 0")
+			}
+
 			if argIdx >= len(args) {
 				return "", fmt.Errorf("insufficient arguments")
 			}