diff options
| author | Philip Withnall <withnall@endlessm.com> | 2019-07-30 14:37:48 +0100 |
|---|---|---|
| committer | Philip Withnall <withnall@endlessm.com> | 2019-08-21 23:36:48 +0300 |
| commit | 4ddabfc61214348d365202a488091a3236b40e97 (patch) | |
| tree | 4a7c620e79a566ad4a23cde68af97de93634ba52 | |
| parent | 5558c668a98f74dab468e34b150c2f10e70fa40c (diff) | |
| download | glib-4ddabfc61214348d365202a488091a3236b40e97.tar.gz | |
gdatetime: Avoid an assertion failure when parsing some ISO 8601 dates
Some malformed ISO 8601 date/time strings were causing an assertion
failure when passed to `g_date_time_new_from_iso8601()`, due to a
mismatch between the bounds checking of timezone offsets in `GDateTime`
and `GTimeZone`. Fix that and add a unit test for it.
oss-fuzz#16101
Signed-off-by: Philip Withnall <withnall@endlessm.com>
| -rw-r--r-- | glib/gdatetime.c | 14 | ||||
| -rw-r--r-- | glib/tests/gdatetime.c | 3 |
2 files changed, 11 insertions, 6 deletions
diff --git a/glib/gdatetime.c b/glib/gdatetime.c index 58874ad2a..b364e18b3 100644 --- a/glib/gdatetime.c +++ b/glib/gdatetime.c @@ -1327,9 +1327,7 @@ static GTimeZone * parse_iso8601_timezone (const gchar *text, gsize length, gssize *tz_offset) { gint i, tz_length, offset_hours, offset_minutes; -#ifndef G_DISABLE_ASSERT gint offset_sign = 1; -#endif GTimeZone *tz; /* UTC uses Z suffix */ @@ -1343,9 +1341,7 @@ parse_iso8601_timezone (const gchar *text, gsize length, gssize *tz_offset) for (i = length - 1; i >= 0; i--) if (text[i] == '+' || text[i] == '-') { -#ifndef G_DISABLE_ASSERT offset_sign = text[i] == '-' ? -1 : 1; -#endif break; } if (i < 0) @@ -1380,8 +1376,14 @@ parse_iso8601_timezone (const gchar *text, gsize length, gssize *tz_offset) tz = g_time_zone_new (text + i); /* Double-check that the GTimeZone matches our interpretation of the timezone. - * Failure would indicate a bug either here of in the GTimeZone code. */ - g_assert (g_time_zone_get_offset (tz, 0) == offset_sign * (offset_hours * 3600 + offset_minutes * 60)); + * This can fail because our interpretation is less strict than (for example) + * parse_time() in gtimezone.c, which restricts the range of the parsed + * integers. */ + if (g_time_zone_get_offset (tz, 0) != offset_sign * (offset_hours * 3600 + offset_minutes * 60)) + { + g_time_zone_unref (tz); + return NULL; + } return tz; } diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c index 9afcf3926..2eb8d462e 100644 --- a/glib/tests/gdatetime.c +++ b/glib/tests/gdatetime.c @@ -499,6 +499,9 @@ test_GDateTime_new_from_iso8601 (void) dt = g_date_time_new_from_iso8601 ("not a date", NULL); g_assert_null (dt); + dt = g_date_time_new_from_iso8601 (" +55", NULL); + g_assert_null (dt); + /* Check common case */ dt = g_date_time_new_from_iso8601 ("2016-08-24T22:10:42Z", NULL); ASSERT_DATE (dt, 2016, 8, 24); |