From c39f1b6e6915bb94f0695f0372f42a2fddbcc7aa Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Wed, 18 Sep 2019 12:42:39 +0100
Subject: [PATCH 1/2] gdatetime: Fix error handling in g_date_time_new_ordinal()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It was possible to pass in (for example) an invalid hour to g_date_time_new_ordinal(), which would be passed on to g_date_time_new(), which would (correctly) return `NULL` — but then g_date_time_new_ordinal() would try to dereference that. Includes some test cases. oss-fuzz#16103 oss-fuzz#17183
Signed-off-by: Philip Withnall
---
 glib/gdatetime.c | 2 ++
 glib/tests/gdatetime.c | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/glib/gdatetime.c b/glib/gdatetime.c
index 6a99dac8e..4557e3c76 100644
--- a/glib/gdatetime.c
+++ b/glib/gdatetime.c
@@ -1220,6 +1220,8 @@ g_date_time_new_ordinal (GTimeZone *tz, gint year, gint ordinal_day, gint hour,
 return NULL;
 dt = g_date_time_new (tz, year, 1, 1, hour, minute, seconds);
+ if (dt == NULL)
+ return NULL;
 dt->days += ordinal_day - 1;
 return dt;
diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
index 23d83b7d0..d148cf528 100644
--- a/glib/tests/gdatetime.c
+++ b/glib/tests/gdatetime.c
@@ -866,6 +866,8 @@ test_GDateTime_new_from_iso8601_2 (void)
 { TRUE, "+1980-02-22T12:36:00+02:00", 1980, 2, 22, 12, 36, 0, 0, 2 * G_TIME_SPAN_HOUR },
 { TRUE, "1990-11-01T10:21:17 ", 1990, 11, 1, 10, 21, 17, 0, 0 },
 */
+ { FALSE, "1719W462 407777-07", 0, 0, 0, 0, 0, 0, 0, 0 },
+ { FALSE, "4011090 260528Z", 0, 0, 0, 0, 0, 0, 0, 0 },
 };
 GTimeZone *tz = NULL;
 GDateTime *dt = NULL;
From 7b393fce314c4b303c89dd1ea9c0dbaec7cf43b4 Mon Sep 17 00:00:00 2001
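Review bot: The added `if (dt == NULL)` guard in g_date_time_new_ordinal() has no comment saying why g_date_time_new() can fail at this point, and the earlier `return NULL;` visible as context may lead a reader to assume the arguments were already validated. A one-line comment above the check would record it, for example `/* g_date_time_new() rejects out-of-range fields (e.g. hour) and returns NULL */`. The same applies to the matching guard added to g_date_time_new_week() in patch 2/2, where the commit message names an invalid year as the trigger. Both function bodies start and end outside their hunks, so whether an earlier check already covers some of these fields cannot be confirmed from here.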
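Review bot: The two vectors added to the table in test_GDateTime_new_from_iso8601_2(), `"1719W462 407777-07"` and `"4011090 260528Z"`, are raw fuzzer inputs with nothing tying them to the crash they guard against. A short comment above them, such as `/* oss-fuzz regressions: must be rejected without crashing */`, would stop a later cleanup from dropping them as noise; the issue numbers from the commit message could be listed there too. The same applies to `"0000W011 228214-22"` added in patch 2/2. The table and the loop that consumes it lie outside the hunk, so how a `FALSE` entry is asserted is not visible here.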
From: Philip Withnall
Date: Tue, 24 Sep 2019 18:00:53 +0100
Subject: [PATCH 2/2] gdatetime: Fix error handling in g_date_time_new_week()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It was possible to pass in (for example) an invalid year to g_date_time_new_week(), which would be passed on to g_date_time_new(), which would (correctly) return `NULL` — but then g_date_time_get_week_number() would try to dereference that. Includes a test case. oss-fuzz#17648
Signed-off-by: Philip Withnall
---
 glib/gdatetime.c | 2 ++
 glib/tests/gdatetime.c | 1 +
 2 files changed, 3 insertions(+)
diff --git a/glib/gdatetime.c b/glib/gdatetime.c
index 4557e3c76..3be4eba3d 100644
--- a/glib/gdatetime.c
+++ b/glib/gdatetime.c
@@ -1241,6 +1241,8 @@ g_date_time_new_week (GTimeZone *tz, gint year, gint week, gint week_day, gint h
 return NULL;
 dt = g_date_time_new (tz, year, 1, 4, 0, 0, 0);
+ if (dt == NULL)
+ return NULL;
 g_date_time_get_week_number (dt, NULL, &jan4_week_day, NULL);
 g_date_time_unref (dt);
diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
index d148cf528..4ecccb347 100644
--- a/glib/tests/gdatetime.c
+++ b/glib/tests/gdatetime.c
@@ -868,6 +868,7 @@ test_GDateTime_new_from_iso8601_2 (void)
 */
 { FALSE, "1719W462 407777-07", 0, 0, 0, 0, 0, 0, 0, 0 },
 { FALSE, "4011090 260528Z", 0, 0, 0, 0, 0, 0, 0, 0 },
+ { FALSE, "0000W011 228214-22", 0, 0, 0, 0, 0, 0, 0, 0 },
 };
 GTimeZone *tz = NULL;
 GDateTime *dt = NULL;