From: Zbigniew Jędrzejewski-Szmek Date: Mon, 19 Mar 2018 08:21:02 +0000 (+0100) Subject: basic/calendarspec: add check for repeat values that would overflow X-Git-Tag: v239~512^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e127f26b1a19571a4da6094c226ad5f34438357a;p=thirdparty%2Fsystemd.git basic/calendarspec: add check for repeat values that would overflow https://oss-fuzz.com/v2/issue/4651449704251392/7004 --- diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c index 648ac29af36..029fd9f990c 100644 --- a/src/basic/calendarspec.c +++ b/src/basic/calendarspec.c @@ -187,6 +187,8 @@ int calendar_spec_normalize(CalendarSpec *c) { } _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_of_month) { + assert(to >= from); + if (!c) return true; @@ -197,6 +199,10 @@ _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_ if (c->start < from || c->start > to) return false; + /* Avoid overly large values that could cause overflow */ + if (c->repeat > to - from) + return false; + /* * c->repeat must be short enough so at least one repetition may * occur before the end of the interval. For dates scheduled diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004 new file mode 100644 index 00000000000..77a5e5e8d6b --- /dev/null +++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004 @@ -0,0 +1,3 @@ +timer +[Timer] +OnCalendar=*-31/2147483640 \ No newline at end of file diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build index d36a3574e67..778228693b4 100644 --- a/test/fuzz-regressions/meson.build +++ b/test/fuzz-regressions/meson.build @@ -37,4 +37,5 @@ fuzz_regression_tests = ''' fuzz-unit-file/oss-fuzz-6908 fuzz-unit-file/oss-fuzz-6897 fuzz-unit-file/oss-fuzz-6897-evverx + fuzz-unit-file/oss-fuzz-7004 '''.split()