diff options
| author | Gustavo André dos Santos Lopes <cataphract@php.net> | 2010-12-19 23:47:00 +0000 |
|---|---|---|
| committer | Gustavo André dos Santos Lopes <cataphract@php.net> | 2010-12-19 23:47:00 +0000 |
| commit | f13d9c0e033eb346c773d2f04c2d643dd7df8571 (patch) | |
| tree | 24d7f564e7645024c96d0faf3f5f24a8165d35e4 /ext | |
| parent | 25c584116053c9d10343f06d0c3d13565f5c6e94 (diff) | |
| download | php-git-f13d9c0e033eb346c773d2f04c2d643dd7df8571.tar.gz | |
- Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to
segfault).
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/calendar/julian.c | 26 | ||||
| -rw-r--r-- | ext/calendar/tests/bug53574.phpt | 35 |
2 files changed, 55 insertions, 6 deletions
diff --git a/ext/calendar/julian.c b/ext/calendar/julian.c index 39bcbc7e65..17e7bcb597 100644 --- a/ext/calendar/julian.c +++ b/ext/calendar/julian.c @@ -146,6 +146,7 @@ **************************************************************************/ #include "sdncal.h" +#include <limits.h> #define JULIAN_SDN_OFFSET 32083 #define DAYS_PER_5_MONTHS 153 @@ -164,15 +165,22 @@ void SdnToJulian( int dayOfYear; if (sdn <= 0) { - *pYear = 0; - *pMonth = 0; - *pDay = 0; - return; + goto fail; } - temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1; + /* Check for overflow */ + if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) { + goto fail; + } + temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1); /* Calculate the year and day of year (1 <= dayOfYear <= 366). */ - year = temp / DAYS_PER_4_YEARS; + { + long yearl = temp / DAYS_PER_4_YEARS; + if (yearl > INT_MAX || yearl < INT_MIN) { + goto fail; + } + year = (int) yearl; + } dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1; /* Calculate the month and day of month. */ @@ -196,6 +204,12 @@ void SdnToJulian( *pYear = year; *pMonth = month; *pDay = day; + return; + +fail: + *pYear = 0; + *pMonth = 0; + *pDay = 0; } long int JulianToSdn( diff --git a/ext/calendar/tests/bug53574.phpt b/ext/calendar/tests/bug53574.phpt new file mode 100644 index 0000000000..e426991354 --- /dev/null +++ b/ext/calendar/tests/bug53574.phpt @@ -0,0 +1,35 @@ +--TEST-- +Bug #53574 (Integer overflow in SdnToJulian; leads to segfault) +--SKIPIF-- +<?php include 'skipif.inc'; ?> +--FILE-- +<?php +if (PHP_INT_MAX == 0x7FFFFFFF) { + $x = 882858043; +} else { + $x = 3315881921229094912; +} + +var_dump(cal_from_jd($x, CAL_JULIAN)); +--EXPECT-- +array(9) { + ["date"]=> + string(5) "0/0/0" + ["month"]=> + int(0) + ["day"]=> + int(0) + ["year"]=> + int(0) + ["dow"]=> + int(3) + ["abbrevdayname"]=> + string(3) "Wed" + ["dayname"]=> + string(9) "Wednesday" + ["abbrevmonth"]=> + string(0) "" + ["monthname"]=> + string(0) "" +} + |