From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Wed, 2 Jun 2021 13:25:32 +0000 (+0000)
Subject: Fixed integer-overflow in MakeDay().
X-Git-Tag: 0.6.0~13
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=6f80708af987852efd9ea73abf71b3e959b524d9;p=njs.git

Fixed integer-overflow in MakeDay().

Found by OSS-Fuzz.
---

diff --git a/src/njs_date.c b/src/njs_date.c
index 910579f0..1239bf6f 100644
--- a/src/njs_date.c
+++ b/src/njs_date.c
@@ -124,10 +124,15 @@ njs_make_day(int64_t yr, int64_t month, int64_t date)
     double   days;
     int64_t  i, ym, mn, md;
 
+    static const int min_year = -271821;
+    static const int max_year = 275760;
     static const int month_days[] = { 31, 28, 31, 30, 31, 30,
                                       31, 31, 30, 31, 30, 31 };
 
-    if (yr < -271822 || yr > 275761) {
+    if (yr < min_year || yr > max_year
+        || month < (min_year * 12) || month > (max_year * 12)
+        || date < (min_year * 12 * 366) || date > (max_year * 12 * 366))
+    {
         return NAN;
     }
 
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index e1d9cd6e..3e49360e 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -15211,6 +15211,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("new Date(NaN)"),
       njs_str("Invalid Date") },
 
+    { njs_str("new Date(0, 9e99)"),
+      njs_str("Invalid Date") },
+
 #ifndef NJS_SUNC
     { njs_str("new Date(-0).getTime()"),
       njs_str("0") },