Commit 8e7c20a1 authored by Nick Wellnhofer's avatar Nick Wellnhofer

Fix integer overflow when comparing schema dates

Found by OSS-Fuzz.
parent 905820a4
......@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
minday = 0;
maxday = 0;
} else {
if (myear > LONG_MAX / 366)
return -2;
/* FIXME: This doesn't take leap year exceptions every 100/400 years
into account. */
maxday = 365 * myear + (myear + 3) / 4;
......@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
if ((x == NULL) || (y == NULL))
return -2;
if ((x->value.date.year > LONG_MAX / 366) ||
(x->value.date.year < LONG_MIN / 366) ||
(y->value.date.year > LONG_MAX / 366) ||
(y->value.date.year < LONG_MIN / 366)) {
/* Possible overflow when converting to days. */
return -2;
}
if (x->value.date.tz_flag) {
if (!y->value.date.tz_flag) {
......
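Review bot: The bound `LONG_MAX / 366` appears as a bare expression in both guards (the `myear` check in xmlSchemaCompareDurations and the four year comparisons in xmlSchemaCompareDates), and only the second carries a comment, so the reason for 366 is easy to lose if either year-to-days conversion is later changed. I would give the first check the same one-line rationale, e.g. `/* Possible overflow when converting years to days. */`, or introduce one named constant used by both. The first guard tests only the upper bound, which is sufficient only if `myear` cannot be negative at that point; the hunk does not show this, so a short comment stating that invariant would help the next reader. Both functions start and end outside the visible hunks, so whether every caller treats the new `-2` return as an error rather than an ordering result cannot be confirmed from here and is worth checking.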