Welcome! Log In Create A New Profile

Advanced

[njs] Fixed integer-overflow in MakeDay().

Dmitry Volyntsev
June 02, 2021 10:12AM
details: https://hg.nginx.org/njs/rev/befc2827d2d2
branches:
changeset: 1648:befc2827d2d2
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Wed Jun 02 13:25:32 2021 +0000
description:
Fixed integer-overflow in MakeDay().

Found by OSS-Fuzz.

diffstat:

src/njs_date.c | 7 ++++++-
src/test/njs_unit_test.c | 3 +++
2 files changed, 9 insertions(+), 1 deletions(-)

diffs (33 lines):

diff -r de189c66c757 -r befc2827d2d2 src/njs_date.c
--- a/src/njs_date.c Mon May 31 06:55:34 2021 +0000
+++ b/src/njs_date.c Wed Jun 02 13:25:32 2021 +0000
@@ -124,10 +124,15 @@ njs_make_day(int64_t yr, int64_t month,
double days;
int64_t i, ym, mn, md;

+ static const int min_year = -271821;
+ static const int max_year = 275760;
static const int month_days[] = { 31, 28, 31, 30, 31, 30,
31, 31, 30, 31, 30, 31 };

- if (yr < -271822 || yr > 275761) {
+ if (yr < min_year || yr > max_year
+ || month < (min_year * 12) || month > (max_year * 12)
+ || date < (min_year * 12 * 366) || date > (max_year * 12 * 366))
+ {
return NAN;
}

diff -r de189c66c757 -r befc2827d2d2 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c Mon May 31 06:55:34 2021 +0000
+++ b/src/test/njs_unit_test.c Wed Jun 02 13:25:32 2021 +0000
@@ -15211,6 +15211,9 @@ static njs_unit_test_t njs_test[] =
{ njs_str("new Date(NaN)"),
njs_str("Invalid Date") },

+ { njs_str("new Date(0, 9e99)"),
+ njs_str("Invalid Date") },
+
#ifndef NJS_SUNC
{ njs_str("new Date(-0).getTime()"),
njs_str("0") },
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[njs] Fixed integer-overflow in MakeDay().

Dmitry Volyntsev 137 June 02, 2021 10:12AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 75
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready