luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-12-07 17:14:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

gdatetime: Fix potential integer overflow in timezone offset handling

Browse Source 
This one is much harder to trigger than the one in the previous commit,
but mixing `gssize` and `gsize` always runs the risk of the former
overflowing for very (very very) long input strings.

Avoid that possibility by not using the sign of the `tz_offset` to
indicate its validity, and instead using the return value of the
function.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
This commit is contained in:
Philip Withnall
2025-02-18 16:51:36 +00:00
parent 8d60d7dc16
commit 2fa1e18361
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
glib/gdatetime.c
View File

@@ -1389,8 +1389,10 @@ parse_iso8601_date (const gchar *text, gsize length,
return FALSE; return FALSE;
} }
/* Value returned in tz_offset is valid if and only if the function return value
* is non-NULL. */
static GTimeZone * static GTimeZone *
parse_iso8601_timezone (const gchar *text, gsize length, gssize *tz_offset) parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset)
{ {
gint i, tz_length, offset_hours, offset_minutes; gint i, tz_length, offset_hours, offset_minutes;
gint offset_sign = 1; gint offset_sign = 1;
@@ -1458,11 +1460,11 @@ static gboolean
parse_iso8601_time (const gchar *text, gsize length, parse_iso8601_time (const gchar *text, gsize length,
gint *hour, gint *minute, gdouble *seconds, GTimeZone **tz) gint *hour, gint *minute, gdouble *seconds, GTimeZone **tz)
{ {
gssize tz_offset = -1; size_t tz_offset = 0;
/* Check for timezone suffix */ /* Check for timezone suffix */
*tz = parse_iso8601_timezone (text, length, &tz_offset); *tz = parse_iso8601_timezone (text, length, &tz_offset);
if (tz_offset >= 0) if (*tz != NULL)
length = tz_offset; length = tz_offset;
/* hh:mm:ss(.sss) */ /* hh:mm:ss(.sss) */