mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-05-17 19:21:58 +02:00
gdate: Limit length of dates which can be parsed as valid
Realistically any date over 200 bytes long is not going to be valid, so limit the input length so we can’t spend too long doing UTF-8 validation or normalisation. oss-fuzz#28718 Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
parent
4c6daefd6b
commit
3fc314ec38
@ -1229,12 +1229,19 @@ g_date_set_parse (GDate *d,
|
||||
{
|
||||
GDateParseTokens pt;
|
||||
guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR;
|
||||
gsize str_len;
|
||||
|
||||
g_return_if_fail (d != NULL);
|
||||
|
||||
/* set invalid */
|
||||
g_date_clear (d, 1);
|
||||
|
||||
/* Anything longer than this is ridiculous and could take a while to normalize.
|
||||
* This limit is chosen arbitrarily. */
|
||||
str_len = strlen (str);
|
||||
if (str_len > 200)
|
||||
return;
|
||||
|
||||
/* The input has to be valid UTF-8. */
|
||||
if (!g_utf8_validate (str, -1, NULL))
|
||||
return;
|
||||
|
@ -191,6 +191,10 @@ test_parse_invalid (void)
|
||||
{
|
||||
/* Incomplete UTF-8 sequence */
|
||||
"\xfd",
|
||||
/* Ridiculously long input */
|
||||
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
|
||||
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
|
||||
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
|
||||
};
|
||||
gsize i;
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user