luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-05-31 18:00:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

gdate: Limit length of dates which can be parsed as valid

Browse Source 
Realistically any date over 200 bytes long is not going to be valid, so
limit the input length so we can’t spend too long doing UTF-8 validation
or normalisation.

oss-fuzz#28718

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
This commit is contained in:
Philip Withnall 2020-12-18 11:38:31 +00:00
parent 4c6daefd6b
commit 3fc314ec38
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
glib/gdate.c
View File

@ -1229,12 +1229,19 @@ g_date_set_parse (GDate *d,
{
GDateParseTokens pt;
guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR;
gsize str_len;
g_return_if_fail (d != NULL);
/* set invalid */
g_date_clear (d, 1);
/* Anything longer than this is ridiculous and could take a while to normalize.
* This limit is chosen arbitrarily. */
str_len = strlen (str);
if (str_len > 200)
return;
/* The input has to be valid UTF-8. */
if (!g_utf8_validate (str, -1, NULL))
return;

4
glib/tests/date.c
View File

@ -191,6 +191,10 @@ test_parse_invalid (void)
{
/* Incomplete UTF-8 sequence */
"\xfd",
/* Ridiculously long input */
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
};
gsize i;