c/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2 synced 2025-03-28 21:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix integer overflow when comparing schema dates

Browse Source 
Found by OSS-Fuzz.
This commit is contained in:
Nick Wellnhofer 2020-08-03 17:30:41 +02:00
parent 905820a44c
commit 8e7c20a1af
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
xmlschemastypes.c
View File

@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
minday = 0;
maxday = 0;
} else {
if (myear > LONG_MAX / 366)
return -2;
/* FIXME: This doesn't take leap year exceptions every 100/400 years
into account. */
maxday = 365 * myear + (myear + 3) / 4;
@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
if ((x == NULL) || (y == NULL))
return -2;
if ((x->value.date.year > LONG_MAX / 366) ||
(x->value.date.year < LONG_MIN / 366) ||
(y->value.date.year > LONG_MAX / 366) ||
(y->value.date.year < LONG_MIN / 366)) {
/* Possible overflow when converting to days. */
return -2;
}
if (x->value.date.tz_flag) {
if (!y->value.date.tz_flag) {