]> git.kaiwu.me - njs.git/commitdiff
projects / njs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9ade27b)
Fixed integer overflow in Date.parse().
authorDmitry Volyntsev <xeioex@nginx.com>
Sat, 8 Jun 2024 05:58:53 +0000 (22:58 -0700)
committerDmitry Volyntsev <xeioexception@gmail.com>
Mon, 10 Jun 2024 22:56:37 +0000 (15:56 -0700)
Found by OSS-Fuzz and UndefinedSanitizer.

src/njs_date.c patch | blob | history
src/test/njs_unit_test.c patch | blob | history

diff --git a/src/njs_date.c b/src/njs_date.c
index 49ac3fc0959df45a4260c1846893f664c2c72a84..cd10abd57d7c82c3bbd632ac783a62d601c2eeed 100644 (file)
--- a/src/njs_date.c
+++ b/src/njs_date.c
@@ -676,8 +676,10 @@ njs_date_string_parse(njs_value_t *date)
             }
         }
 
-        p = njs_date_number_parse(&tm[NJS_DATE_MSEC], p, end, ms_length);
-        if (njs_slow_path(p == NULL)) {
+        if (njs_slow_path(njs_date_number_parse(&tm[NJS_DATE_MSEC], p, end,
+                                                njs_min(ms_length, 3))
+                          == NULL))
+        {
             return NAN;
         }
 
@@ -686,13 +688,10 @@ njs_date_string_parse(njs_value_t *date)
 
         } else if (ms_length == 2) {
             tm[NJS_DATE_MSEC] *= 10;
-
-        } else if (ms_length >= 4) {
-            for (ms_length -= 3; ms_length > 0; ms_length--) {
-                tm[NJS_DATE_MSEC] /= 10;
-            }
         }
 
+        p += ms_length;
+
         if (p < end) {
             utc_off = njs_date_utc_offset_parse(p, end);
             if (njs_slow_path(utc_off == -1)) {
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index c4b23c1dd766c08665abe749a9860cd455956d3d..130fad8251a19e4d7c75a580b73bc1d26a22d22d 100644 (file)
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -16285,6 +16285,12 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("Date.parse('2011-06-24T06:01:02.6255555Z')"),
       njs_str("1308895262625") },
 
+    { njs_str("Date.parse('2011-06-24T06:01:02.625555555Z')"),
+      njs_str("1308895262625") },
+
+    { njs_str("Date.parse('2011-06-24T06:01:02.62555555599999Z')"),
+      njs_str("1308895262625") },
+
     { njs_str("Date.parse('2011-06-24T06:01:02.625555Z5')"),
       njs_str("NaN") },
 
njs upstream