Merge branch 'backport-1821-date-lengths-glib-2-66' into 'glib-2-66'

Backport !1821 “gdate: Limit length of dates which can be parsed as valid” to glib-2-66

See merge request GNOME/glib!1824
This commit is contained in:
Sebastian Dröge 2020-12-21 18:15:35 +00:00
commit b20a8b5a5a
2 changed files with 12 additions and 1 deletions

View File

@ -1229,14 +1229,21 @@ g_date_set_parse (GDate *d,
{ {
GDateParseTokens pt; GDateParseTokens pt;
guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR; guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR;
gsize str_len;
g_return_if_fail (d != NULL); g_return_if_fail (d != NULL);
/* set invalid */ /* set invalid */
g_date_clear (d, 1); g_date_clear (d, 1);
/* Anything longer than this is ridiculous and could take a while to normalize.
* This limit is chosen arbitrarily. */
str_len = strlen (str);
if (str_len > 200)
return;
/* The input has to be valid UTF-8. */ /* The input has to be valid UTF-8. */
if (!g_utf8_validate (str, -1, NULL)) if (!g_utf8_validate_len (str, str_len, NULL))
return; return;
G_LOCK (g_date_global); G_LOCK (g_date_global);

View File

@ -191,6 +191,10 @@ test_parse_invalid (void)
{ {
/* Incomplete UTF-8 sequence */ /* Incomplete UTF-8 sequence */
"\xfd", "\xfd",
/* Ridiculously long input */
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
}; };
gsize i; gsize i;