From: Dmitry Volyntsev
Date: Sat, 8 Jun 2024 05:58:53 +0000 (-0700)
Subject: Fixed integer overflow in Date.parse().
X-Git-Tag: 0.8.5~4
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=5ab25988c13a2fc5a970b72ab6fdf636a2980533;p=njs.git
Fixed integer overflow in Date.parse().
Found by OSS-Fuzz and UndefinedSanitizer.
---
diff --git a/src/njs_date.c b/src/njs_date.c
index 49ac3fc0..cd10abd5 100644
--- a/src/njs_date.c
+++ b/src/njs_date.c
@@ -676,8 +676,10 @@ njs_date_string_parse(njs_value_t *date)
 }
 }
- p = njs_date_number_parse(&tm[NJS_DATE_MSEC], p, end, ms_length);
- if (njs_slow_path(p == NULL)) {
+ if (njs_slow_path(njs_date_number_parse(&tm[NJS_DATE_MSEC], p, end,
+ njs_min(ms_length, 3))
+ == NULL))
+ {
 return NAN;
 }
@@ -686,13 +688,10 @@ njs_date_string_parse(njs_value_t *date)
 } else if (ms_length == 2) {
 tm[NJS_DATE_MSEC] *= 10;
-
- } else if (ms_length >= 4) {
- for (ms_length -= 3; ms_length > 0; ms_length--) {
- tm[NJS_DATE_MSEC] /= 10;
- }
 }
+ p += ms_length;
+
 if (p < end) {
 utc_off = njs_date_utc_offset_parse(p, end);
 if (njs_slow_path(utc_off == -1)) {
diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c
index c4b23c1d..130fad82 100644
--- a/src/test/njs_unit_test.c
+++ b/src/test/njs_unit_test.c
@@ -16285,6 +16285,12 @@ static njs_unit_test_t njs_test[] =
 { njs_str("Date.parse('2011-06-24T06:01:02.6255555Z')"),
 njs_str("1308895262625") },
+ { njs_str("Date.parse('2011-06-24T06:01:02.625555555Z')"),
+ njs_str("1308895262625") },
+
+ { njs_str("Date.parse('2011-06-24T06:01:02.62555555599999Z')"),
+ njs_str("1308895262625") },
+
+
 { njs_str("Date.parse('2011-06-24T06:01:02.625555Z5')"),
 njs_str("NaN") },
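Review bot: In the first src/njs_date.c hunk (`@@ -676,8 +676,10 @@`), the bare `3` in `njs_min(ms_length, 3)` is the whole overflow fix, yet nothing on the line says why. Capping the digit count means at most 999 is accumulated into `tm[NJS_DATE_MSEC]`, and the pointer returned by `njs_date_number_parse()` is now deliberately dropped instead of being assigned to `p`. I would add a comment above the call such as `/* Parse at most 3 fraction digits (milliseconds); any further digits are skipped below, never accumulated. */`. The enclosing function starts and ends outside the hunk.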
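Review bot: In the second src/njs_date.c hunk (`@@ -686,13 +688,10 @@`), `p += ms_length;` steps over fraction digits that `njs_date_number_parse()` never examined. Both the bounds of `p` and the guarantee that the skipped bytes are digits therefore rest entirely on how `ms_length` is computed above the hunk, which is not visible here. If that scan could stop anywhere other than the first non-digit at or before `end`, this line would either move `p` past `end` or accept junk inside the fraction without complaint. A comment stating the invariant, for example `/* ms_length digits were counted within [p, end) above; skip the ones not parsed. */`, or a debug assertion that `ms_length <= end - p`, would make the dependency explicit. The function continues outside the hunk.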
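Review bot: The two cases added in src/test/njs_unit_test.c only cover over-long fractions made entirely of digits and followed by `Z`, so they pin the truncation to 625 but not what happens to input the parser now skips rather than parses. A negative case with a non-digit after the third fraction digit would cover the new `p += ms_length` path, for example (constructed) `{ njs_str("Date.parse('2011-06-24T06:01:02.6255x55Z')"), njs_str("NaN") },`. A case with an explicit UTC offset after a long fraction would cover the same path. The expected `NaN` is my reading of the surrounding code and should be confirmed by running the suite.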