mirror of
https://github.com/systemd/systemd.git
shared: fix integer overflow in calendarspec
Fixes: oss-fuzz#22208 ``` test/fuzz/fuzz-calendarspec/oss-fuzz-22208... ../src/shared/calendarspec.c:666:48: runtime error: signed integer overflow: 2147000000 + 1000000 cannot be represented in type 'int' #0 0x7f0b9f6cc56a in prepend_component ../src/shared/calendarspec.c:666 #1 0x7f0b9f6cd03a in parse_chain ../src/shared/calendarspec.c:718 #2 0x7f0b9f6cea1c in parse_calendar_time ../src/shared/calendarspec.c:845 #3 0x7f0b9f6d1397 in calendar_spec_from_string ../src/shared/calendarspec.c:1084 #4 0x401570 in LLVMFuzzerTestOneInput ../src/fuzz/fuzz-calendarspec.c:17 #5 0x401ae0 in main ../src/fuzz/fuzz-main.c:39 #6 0x7f0b9e31b1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2) #7 0x40122d in _start (/home/fsumsal/repos/systemd/build/fuzz-calendarspec+0x40122d) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/calendarspec.c:666:48 in ```
parent
89fe653544
commit
c07f18ffd4
@ -659,6 +659,10 @@ static int prepend_component(const char **p, bool usec, unsigned nesting, Calend
|
||||
/* If no repeat value is specified for the µs component, then let's explicitly refuse ranges
|
||||
* below 1s because our default repeat granularity is beyond that. */
|
||||
|
||||
/* Overflow check */
|
||||
if (start > INT_MAX - repeat)
|
||||
return -ERANGE;
|
||||
|
||||
if (usec && stop >= 0 && start + repeat > stop)
|
||||
return -EINVAL;
|
||||
}
|
||||
|
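Review bot: The new guard `if (start > INT_MAX - repeat)` is itself only well-defined while `repeat` is non-negative, and the hunk does not show where `repeat` gets its value on this path; if it can only be zero or a positive default here, the bare `/* Overflow check */` should state that precondition, e.g. `/* repeat is >= 0 on this path, so INT_MAX - repeat cannot overflow; guards start + repeat below */`. The guard also sits between the existing comment about refusing ranges below 1s and the `usec && stop >= 0` test that the comment describes, so the comment now reads as if it explained the overflow check; placing the guard above that comment would keep each explanation next to its code. The guard returns -ERANGE even when `usec` is false or `stop` is negative, cases in which `start + repeat` is never evaluated, so callers presumably get a new error for inputs that previously passed this point. prepend_component begins and ends outside the hunk.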
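--- a/test/fuzz/fuzz-calendarspec/oss-fuzz-22208
+++ b/test/fuzz/fuzz-calendarspec/oss-fuzz-22208
@@ -0,0 +1 @@
+4:3:2147..2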