[glib/glib-2-66: 1/3] gdate: Limit length of dates which can be parsed as valid




commit 3fc314ec388e52f76545cf4cd00edf83a0cb2997
Author: Philip Withnall <pwithnall endlessos org>
Date:   Fri Dec 18 11:38:31 2020 +0000

    gdate: Limit length of dates which can be parsed as valid
    
    Realistically any date over 200 bytes long is not going to be valid, so
    limit the input length so we can’t spend too long doing UTF-8 validation
    or normalisation.
    
    oss-fuzz#28718
    
    Signed-off-by: Philip Withnall <pwithnall endlessos org>

 glib/gdate.c      | 7 +++++++
 glib/tests/date.c | 4 ++++
 2 files changed, 11 insertions(+)
---
diff --git a/glib/gdate.c b/glib/gdate.c
index 391b142a8..0e03a6e70 100644
--- a/glib/gdate.c
+++ b/glib/gdate.c
@@ -1229,12 +1229,19 @@ g_date_set_parse (GDate       *d,
 {
   GDateParseTokens pt;
   guint m = G_DATE_BAD_MONTH, day = G_DATE_BAD_DAY, y = G_DATE_BAD_YEAR;
+  gsize str_len;
   
   g_return_if_fail (d != NULL);
   
   /* set invalid */
   g_date_clear (d, 1);
 
+  /* Anything longer than this is ridiculous and could take a while to normalize.
+   * This limit is chosen arbitrarily. */
+  str_len = strlen (str);
+  if (str_len > 200)
+    return;
+
   /* The input has to be valid UTF-8. */
   if (!g_utf8_validate (str, -1, NULL))
     return;
diff --git a/glib/tests/date.c b/glib/tests/date.c
index 38de1d9be..542293c4b 100644
--- a/glib/tests/date.c
+++ b/glib/tests/date.c
@@ -191,6 +191,10 @@ test_parse_invalid (void)
     {
       /* Incomplete UTF-8 sequence */
       "\xfd",
+      /* Ridiculously long input */
+      "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+      "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
+      "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
     };
   gsize i;
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]