From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 7 Apr 2019 15:37:31 +0000 (+0900)
Subject: calendarspec: fix possible integer overflow
X-Git-Tag: v242-rc4~16^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=daa4aca1cb45445fb19b3711538f0576a2b1c346;p=thirdparty%2Fsystemd.git

calendarspec: fix possible integer overflow

Fixes oss-fuzz#14108.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14108
---

diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c
index 7caf7c64c39..d83e7962a65 100644
--- a/src/shared/calendarspec.c
+++ b/src/shared/calendarspec.c
@@ -579,6 +579,9 @@ static int calendarspec_from_time_t(CalendarSpec *c, time_t time) {
         if (!gmtime_r(&time, &tm))
                 return -ERANGE;
 
+        if (tm.tm_year > INT_MAX - 1900)
+                return -ERANGE;
+
         r = const_chain(tm.tm_year + 1900, &year);
         if (r < 0)
                 return r;
diff --git a/test/fuzz/fuzz-calendarspec/oss-fuzz-14108 b/test/fuzz/fuzz-calendarspec/oss-fuzz-14108
new file mode 100644
index 00000000000..6899c23a7e7
--- /dev/null
+++ b/test/fuzz/fuzz-calendarspec/oss-fuzz-14108
@@ -0,0 +1 @@
+@67767992554749550
\ No newline at end of file