mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-28 16:36:14 +01:00
gdate: Limit length of dates which can be parsed as valid
Realistically any date over 200 bytes long is not going to be valid, so limit the input length so we can’t spend too long doing UTF-8 validation or normalisation. oss-fuzz#28718 Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
parent
114b1ecd98
commit
15634d64bf
@ -1229,12 +1229,19 @@ g_date_set_parse (GDate *d,
|
||||
{
|
||||
GDateParseTokens pt;
|
||||
guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR;
|
||||
gsize str_len;
|
||||
|
||||
g_return_if_fail (d != NULL);
|
||||
|
||||
/* set invalid */
|
||||
g_date_clear (d, 1);
|
||||
|
||||
/* Anything longer than this is ridiculous and could take a while to normalize.
|
||||
* This limit is chosen arbitrarily. */
|
||||
str_len = strlen (str);
|
||||
if (str_len > 200)
|
||||
return;
|
||||
|
||||
/* The input has to be valid UTF-8. */
|
||||
if (!g_utf8_validate (str, -1, NULL))
|
||||
return;
|
||||
|
@ -191,6 +191,10 @@ test_parse_invalid (void)
|
||||
{
|
||||
/* Incomplete UTF-8 sequence */
|
||||
"\xfd",
|
||||
/* Ridiculously long input */
|
||||
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
|
||||
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
|
||||
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
|
||||
};
|
||||
gsize i;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user