gdate: Limit length of dates which can be parsed as valid

Realistically any date over 200 bytes long is not going to be valid, so
limit the input length so we can’t spend too long doing UTF-8 validation
or normalisation.

oss-fuzz#28718

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
Philip Withnall 2020-12-18 11:38:31 +00:00
parent 114b1ecd98
commit 15634d64bf
2 changed files with 11 additions and 0 deletions

View File

@ -1229,12 +1229,19 @@ g_date_set_parse (GDate *d,
{ {
GDateParseTokens pt; GDateParseTokens pt;
guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR; guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR;
gsize str_len;
g_return_if_fail (d != NULL); g_return_if_fail (d != NULL);
/* set invalid */ /* set invalid */
g_date_clear (d, 1); g_date_clear (d, 1);
/* Anything longer than this is ridiculous and could take a while to normalize.
* This limit is chosen arbitrarily. */
str_len = strlen (str);
if (str_len > 200)
return;
/* The input has to be valid UTF-8. */ /* The input has to be valid UTF-8. */
if (!g_utf8_validate (str, -1, NULL)) if (!g_utf8_validate (str, -1, NULL))
return; return;

View File

@ -191,6 +191,10 @@ test_parse_invalid (void)
{ {
/* Incomplete UTF-8 sequence */ /* Incomplete UTF-8 sequence */
"\xfd", "\xfd",
/* Ridiculously long input */
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
}; };
gsize i; gsize i;