gdatetime: Remove floating point from seconds parsing code

Rather than parsing the seconds in an ISO 8601 date/time using a pair of floating point numbers (numerator and denominator), use two integers instead. This avoids issues around floating point precision, and also makes it easier to check for potential overflow from overlong inputs. This last point means that the `isfinite()` check can be removed, as it was covering the case where a NAN was generated, which isn’t now possible using integer arithmetic. Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2024-11-11 03:46:17 +01:00 · 2020-12-11 15:36:56 +00:00 · 2020-12-11 15:36:56 +00:00 · 5d7f4b8f04
commit 5d7f4b8f04
parent a28b3c9dd6
1 changed files with 5 additions and 7 deletions
--- a/glib/gdatetime.c
+++ b/glib/gdatetime.c
@ -1181,7 +1181,7 @@ static gboolean
 get_iso8601_seconds (const gchar *text, gsize length, gdouble *value)
 {
  gsize i;
-  gdouble divisor = 1, v = 0;
+  guint64 divisor = 1, v = 0;

  if (length < 2)
    return FALSE;
@ -1208,17 +1208,15 @@ get_iso8601_seconds (const gchar *text, gsize length, gdouble *value)
  for (; i < length; i++)
    {
      const gchar c = text[i];
-      if (c < '0' || c > '9')
+      if (c < '0' || c > '9' ||
+          v > (G_MAXUINT64 - (c - '0')) / 10 ||
+          divisor > G_MAXUINT64 / 10)
        return FALSE;
      v = v * 10 + (c - '0');
      divisor *= 10;
    }

-  v = v / divisor;
-  if (!isfinite (v))
-    return FALSE;
-
-  *value = v;
+  *value = (gdouble) v / divisor;
  return TRUE;
 }