Skip to content

Fix GH-16235 jdtogregorian overflow #16242

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix GH-16235 jdtogregorian overflow #16242

wants to merge 1 commit into from

Conversation

devnexen
Copy link
Member

@devnexen devnexen commented Oct 5, 2024

No description provided.

@devnexen devnexen linked an issue Oct 5, 2024 that may be closed by this pull request
Signed integer overflow in ext/calendar/gregor.c:161 #16235
Closed
@cmb69
Copy link
Member

cmb69 commented Oct 5, 2024

See also php/pecl-database-dbase@06121a5#diff-267845cccb1065a0819b505e5acbccaed653de3f6304d53e82b106b91f60f4adR139 (I don't know if that patch was correct, though).

@devnexen
Copy link
Member Author

devnexen commented Oct 5, 2024

sure let's truncate, will give it a try

@devnexen
Copy link
Member Author

devnexen commented Oct 5, 2024

See also php/pecl-database-dbase@06121a5#diff-267845cccb1065a0819b505e5acbccaed653de3f6304d53e82b106b91f60f4adR139 (I don't know if that patch was correct, though).

So I gave a try locally 2 existing tests fail, jdtofrench.phpt and jdtomonthname.phpt.

@cmb69
Copy link
Member

cmb69 commented Oct 5, 2024
edited
Loading

So I gave a try locally 2 existing tests fail, jdtofrench.phpt and jdtomonthname.phpt.

Indeed, that patch is actually not meant for general consumption, but only for DBase date fields (limited range).

Anyhow, I do not understand the bug. Passing very large integers to SdnToGregorian() is supposed to fail early

php-src/ext/calendar/gregor.c

Lines 150 to 153 in 4b855eb

if (sdn <= 0 ||
sdn > (LONG_MAX - 4 * GREGOR_SDN_OFFSET) / 4) {
goto fail;
}

Ah, that is Windows! I suggest to use INT_MAX instead of LONG_MAX there. That should do.

PS: or use ZEND_LONG_MAX there, and apply the additional check. In any way, LONG_MAX makes no sense there, since there are no longs involved.

cmb69
cmb69 reviewed Oct 5, 2024
View reviewed changes
@devnexen devnexen requested a review from cmb69 November 5, 2024 20:27
cmb69
cmb69 approved these changes Nov 6, 2024
View reviewed changes
Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that should catch all overflows. Thank you!

@devnexen devnexen closed this in fde053b Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cmb69 cmb69 cmb69 approved these changes

Assignees

No one assigned

Labels

Extension: calendar

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Signed integer overflow in ext/calendar/gregor.c:161

2 participants

@devnexen @cmb69