Commit 15634d64 authored by Philip Withnall's avatar Philip Withnall
Browse files

gdate: Limit length of dates which can be parsed as valid



Realistically any date over 200 bytes long is not going to be valid, so
limit the input length so we can’t spend too long doing UTF-8 validation
or normalisation.

oss-fuzz#28718
Signed-off-by: Philip Withnall's avatarPhilip Withnall <pwithnall@endlessos.org>
parent 114b1ecd
......@@ -1229,12 +1229,19 @@ g_date_set_parse (GDate *d,
{
GDateParseTokens pt;
guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR;
gsize str_len;
g_return_if_fail (d != NULL);
/* set invalid */
g_date_clear (d, 1);
/* Anything longer than this is ridiculous and could take a while to normalize.
* This limit is chosen arbitrarily. */
str_len = strlen (str);
if (str_len > 200)
return;
/* The input has to be valid UTF-8. */
if (!g_utf8_validate (str, -1, NULL))
return;
......
......@@ -191,6 +191,10 @@ test_parse_invalid (void)
{
/* Incomplete UTF-8 sequence */
"\xfd",
/* Ridiculously long input */
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
};
gsize i;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment