From b5656d252449af902f3e3aa0294cce7d422c3b2e Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Thu, 1 Oct 2020 11:45:22 +0100
Subject: [PATCH 1/2] gdatetime: Avoid integer overflow creating dates too far in the past
oss-fuzz#22758
Signed-off-by: Philip Withnall
---
 glib/gdatetime.c | 6 ++++--
 glib/tests/gdatetime.c | 8 +++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/glib/gdatetime.c b/glib/gdatetime.c
index fab60c441..1755257be 100644
--- a/glib/gdatetime.c
+++ b/glib/gdatetime.c
@@ -1032,7 +1032,8 @@ g_date_time_new_from_unix_local (gint64 t)
 GDateTime *datetime;
 GTimeZone *local;
- if (t > G_MAXINT64 / USEC_PER_SECOND)
+ if (t > G_MAXINT64 / USEC_PER_SECOND ||
+ t < G_MININT64 / USEC_PER_SECOND)
 return NULL;
 local = g_time_zone_new_local ();
@@ -1067,7 +1068,8 @@ g_date_time_new_from_unix_utc (gint64 t)
 GDateTime *datetime;
 GTimeZone *utc;
- if (t > G_MAXINT64 / USEC_PER_SECOND)
+ if (t > G_MAXINT64 / USEC_PER_SECOND ||
+ t < G_MININT64 / USEC_PER_SECOND)
 return NULL;
 utc = g_time_zone_new_utc ();
diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c
index 3e75f4ed2..52eec1e46 100644
--- a/glib/tests/gdatetime.c
+++ b/glib/tests/gdatetime.c
@@ -152,7 +152,7 @@ test_GDateTime_new_from_unix (void)
 g_date_time_unref (dt);
 }
-/* Check that trying to create a #GDateTime too far in the future reliably
+/* Check that trying to create a #GDateTime too far in the future (or past) reliably
 * fails. Previously, the checks for this overflowed and it silently returned
 * an incorrect #GDateTime. */
 static void
@@ -167,6 +167,12 @@ test_GDateTime_new_from_unix_overflow (void)
 dt = g_date_time_new_from_unix_local (G_MAXINT64);
 g_assert_null (dt);
+
+ dt = g_date_time_new_from_unix_utc (G_MININT64);
+ g_assert_null (dt);
+
+ dt = g_date_time_new_from_unix_local (G_MININT64);
+ g_assert_null (dt);
 }
 static void
From 281f6697c1a156f5cece9fc256230e8b70f40beb Mon Sep 17 00:00:00 2001
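Review bot: The lower-bound guard added in `g_date_time_new_from_unix_local` is repeated verbatim in the `@@ -1067` hunk for `g_date_time_new_from_unix_utc`, and neither copy says what it protects. I would fold both into one file-local macro, e.g. `#define UNIX_SECS_FIT_IN_USECS(t) ((t) <= G_MAXINT64 / USEC_PER_SECOND && (t) >= G_MININT64 / USEC_PER_SECOND)`, with a comment such as `/* reject t whose product with USEC_PER_SECOND would not fit in a gint64 */`, so the two entry points cannot drift apart. The guard bounds only the scaling by `USEC_PER_SECOND`, which presumably happens further down; both function bodies continue outside the hunks, so if an epoch offset is added to the scaled value afterwards, that addition needs its own range check. Out-of-range input yields a bare NULL, which the function documentation (not visible here) should state so callers handling untrusted timestamps know to check for it.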
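Review bot: The assertions added to `test_GDateTime_new_from_unix_overflow` only feed `G_MININT64` (next to the existing `G_MAXINT64` case), so an off-by-one in the new comparison would still pass. Add the first rejected value on each side, for example `dt = g_date_time_new_from_unix_utc (G_MININT64 / G_USEC_PER_SEC - 1);` followed by `g_assert_null (dt);`, and the same with `G_MAXINT64 / G_USEC_PER_SEC + 1`. Values just inside the limit may still be rejected by later range checks that are not visible in this patch, so only the just-outside cases can be asserted safely. The test function starts above the hunk.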
From: Philip Withnall
Date: Thu, 1 Oct 2020 11:46:23 +0100
Subject: [PATCH 2/2] tests: Test date overflow failure with bookmark file parsing
This is exactly the test case from oss-fuzz which triggers a negative overflow when constructing dates.
oss-fuzz#22758
Signed-off-by: Philip Withnall
---
 glib/tests/bookmarks/fail-42.xbel | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 glib/tests/bookmarks/fail-42.xbel
diff --git a/glib/tests/bookmarks/fail-42.xbel b/glib/tests/bookmarks/fail-42.xbel
new file mode 100644
index 000000000..c698d33c8
--- /dev/null
+++ b/glib/tests/bookmarks/fail-42.xbel
@@ -0,0 +1 @@
+
\ No newline at end of file