Skip to content

[BUG] Validation of message with com.google.protobuf.Timestamp fails with java.time.DateTimeException if seconds/nanos exceed Instant boundsΒ #379

New issue
New issue
Open
Open
[BUG] Validation of message with com.google.protobuf.Timestamp fails with java.time.DateTimeException if seconds/nanos exceed Instant bounds#379
Labels
BugSomething isn't working
@viliket

Description

@viliket
viliket
opened on Nov 25, 2025

Description

Validation of com.google.protobuf.Timestamp fails with java.time.DateTimeException when the timestamp's seconds or nanoseconds values exceed the bounds that can be represented by Java's Instant class. This occurs when attempting to validate protobuf messages containing timestamps with extreme values like Long.MAX_VALUE for seconds, which cannot be converted to a valid Instant object.

The underlying issue is in ProtoAdapter class:

protovalidate-java/src/main/java/build/buf/protovalidate/ProtoAdapter.java

Lines 93 to 104 in 97b4e2d

case MESSAGE:
// cel-java 0.11.1 added support for java.time.Instant and java.time.Duration.
Message msg = (Message) value;
if (msg instanceof com.google.protobuf.Timestamp) {
Timestamp timestamp = (Timestamp) value;
return Instant.ofEpochSecond(timestamp.getSeconds(), timestamp.getNanos());
}
if (msg instanceof com.google.protobuf.Duration) {
com.google.protobuf.Duration duration = (com.google.protobuf.Duration) value;
return Duration.ofSeconds(duration.getSeconds(), duration.getNanos());
}
return value;

Similar issue seems to also affect com.google.protobuf.Duration if using extreme nanos values due to the ProtoAdapter implementation linked above.

Steps to Reproduce

  1. Define a protobuf message with a google.protobuf.Timestamp field:
syntax = "proto3";
package acme.foo.v1;
import "buf/validate/validate.proto";

message Foo {
  google.protobuf.Timestamp bar = 1;
}
  1. Create a protobuf message instance with timestamp seconds set to Long.MAX_VALUE:
Foo message = Foo.newBuilder()
    .setBar(Timestamp.newBuilder().setSeconds(Long.MAX_VALUE))
    .build();
  1. Attempt to validate the message using protovalidate: ValidationResult result = validator.validate(message);
  2. Observe the java.time.DateTimeException being thrown during validation

Expected Behavior

The validation should provide a clear validation error indicating the timestamp is out of bounds instead of throwing uncaught java.time.DateTimeException

Actual Behavior

A java.time.DateTimeException is thrown when the validator attempts to convert the protobuf timestamp to a Java Instant object, causing the entire validation process to fail with an unhandled exception rather than a proper validation error.

Screenshots/Logs

java.time.DateTimeException: Instant exceeds minimum or maximum instant
	at java.base/java.time.Instant.create(Instant.java:414)
	at java.base/java.time.Instant.ofEpochSecond(Instant.java:334)
	at build.buf.protovalidate.ProtoAdapter.scalarToCel(ProtoAdapter.java:98)
	at build.buf.protovalidate.ProtoAdapter.toCel(ProtoAdapter.java:65)
	at build.buf.protovalidate.ObjectValue.value(ObjectValue.java:65)
	at build.buf.protovalidate.ValueEvaluator.evaluate(ValueEvaluator.java:74)
	at build.buf.protovalidate.FieldEvaluator.evaluate(FieldEvaluator.java:121)
	at build.buf.protovalidate.MessageEvaluator.evaluate(MessageEvaluator.java:41)

Environment

  • Protovalidate Version: v1.0.1

Possible Solution

The protovalidate ProtoAdapter class or some other part of logic before it should:

  • Add bounds checking before attempting to convert protobuf timestamps to Java Instant objects or protobuf durations to Java Duration objects.
  • Or catch DateTimeException (timestamp to Instant case) / ArithmeticException (duration case) during protobuf to Java instance conversion and convert it to a proper validation error

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions