From cac914fa21ca3cf69e9d37b9c4062b26070bfa7f Mon Sep 17 00:00:00 2001
From: Austin Bonander <austin.bonander@gmail.com>
Date: Fri, 16 Aug 2024 13:22:48 -0700
Subject: [PATCH] fix: audit `sqlx_postgres::types::rust_decimal` for casts
 involving sign loss

---
 sqlx-postgres/src/types/rust_decimal.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sqlx-postgres/src/types/rust_decimal.rs b/sqlx-postgres/src/types/rust_decimal.rs
index 83a2d0e0..281bc7e4 100644
--- a/sqlx-postgres/src/types/rust_decimal.rs
+++ b/sqlx-postgres/src/types/rust_decimal.rs
@@ -50,6 +50,9 @@ impl TryFrom<&'_ PgNumeric> for Decimal {
             // Postgres returns an empty digit array for 0
             return Ok(Decimal::ZERO);
         }
+        
+        let scale = u32::try_from(scale)
+            .map_err(|_| format!("invalid scale value for Pg NUMERIC: {scale}"))?;
 
         let mut value = Decimal::ZERO;
 
@@ -73,7 +76,7 @@ impl TryFrom<&'_ PgNumeric> for Decimal {
             PgNumericSign::Negative => value.set_sign_negative(true),
         }
 
-        value.rescale(scale as u32);
+        value.rescale(scale);
 
         Ok(value)
     }