From e127f26b1a19571a4da6094c226ad5f34438357a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Mon, 19 Mar 2018 09:21:02 +0100
Subject: [PATCH] basic/calendarspec: add check for repeat values that would overflow

https://oss-fuzz.com/v2/issue/4651449704251392/7004
---
 src/basic/calendarspec.c | 6 ++++++
 test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004 | 3 +++
 test/fuzz-regressions/meson.build | 1 +
 3 files changed, 10 insertions(+)
 create mode 100644 test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004

diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c
index 648ac29af36..029fd9f990c 100644
--- a/src/basic/calendarspec.c
+++ b/src/basic/calendarspec.c
@@ -187,6 +187,8 @@ int calendar_spec_normalize(CalendarSpec *c) {
 }

 _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_of_month) {
+ assert(to >= from);
+
 if (!c)
 return true;

@@ -197,6 +199,10 @@ _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_
 if (c->start < from || c->start > to)
 return false;

+ /* Avoid overly large values that could cause overflow */
+ if (c->repeat > to - from)
+ return false;
+
 /*
 * c->repeat must be short enough so at least one repetition may
 * occur before the end of the interval. For dates scheduled
diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004
new file mode 100644
index 00000000000..77a5e5e8d6b
--- /dev/null
+++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004
@@ -0,0 +1,3 @@
+timer
+[Timer]
+OnCalendar=*-31/2147483640
\ No newline at end of file
diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build
index d36a3574e67..778228693b4 100644
--- a/test/fuzz-regressions/meson.build
+++ b/test/fuzz-regressions/meson.build
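Review bot: The new guard `if (c->repeat > to - from)` in the second hunk of chain_valid caps c->repeat only from above, and its comment does not say which expression would overflow. The arithmetic it protects is presumably the check announced by the trailing context comment ("c->repeat must be short enough ..."), whose code lies outside this hunk; naming it would keep the guard from later being dropped as redundant, e.g. `/* c->start and c->repeat are combined below; cap repeat at the interval width so that cannot overflow int */`. If c->repeat can reach this function negative (the parser is not visible in this patch), the same condition should reject it: `if (c->repeat < 0 || c->repeat > to - from)`. The subtraction itself relies on the `assert(to >= from)` added in the first hunk and on callers passing bounds whose difference fits in an int, which is worth stating next to the assert.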
@@ -37,4 +37,5 @@ fuzz_regression_tests = '''
 fuzz-unit-file/oss-fuzz-6908
 fuzz-unit-file/oss-fuzz-6897
 fuzz-unit-file/oss-fuzz-6897-evverx
+ fuzz-unit-file/oss-fuzz-7004
 '''.split()