Skip to content

Conversation

@devnexen
Copy link
Member

@devnexen devnexen commented Oct 5, 2024

No description provided.

@cmb69
Copy link
Member

cmb69 commented Oct 5, 2024

See also php/pecl-database-dbase@06121a5#diff-267845cccb1065a0819b505e5acbccaed653de3f6304d53e82b106b91f60f4adR139 (I don't know if that patch was correct, though).

@devnexen
Copy link
Member Author

devnexen commented Oct 5, 2024

sure let's truncate, will give it a try

@devnexen
Copy link
Member Author

devnexen commented Oct 5, 2024

See also php/pecl-database-dbase@06121a5#diff-267845cccb1065a0819b505e5acbccaed653de3f6304d53e82b106b91f60f4adR139 (I don't know if that patch was correct, though).

So I gave a try locally 2 existing tests fail, jdtofrench.phpt and jdtomonthname.phpt.

@cmb69
Copy link
Member

cmb69 commented Oct 5, 2024

So I gave a try locally 2 existing tests fail, jdtofrench.phpt and jdtomonthname.phpt.

Indeed, that patch is actually not meant for general consumption, but only for DBase date fields (limited range).

Anyhow, I do not understand the bug. Passing very large integers to SdnToGregorian() is supposed to fail early

if (sdn <= 0 ||
sdn > (LONG_MAX - 4 * GREGOR_SDN_OFFSET) / 4) {
goto fail;
}

Ah, that is Windows! I suggest to use INT_MAX instead of LONG_MAX there. That should do.

PS: or use ZEND_LONG_MAX there, and apply the additional check. In any way, LONG_MAX makes no sense there, since there are no longs involved.

Copy link
Member

@cmb69 cmb69 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that should catch all overflows. Thank you!

@devnexen devnexen closed this in fde053b Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Signed integer overflow in ext/calendar/gregor.c:161

2 participants