From daa4aca1cb45445fb19b3711538f0576a2b1c346 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Mon, 8 Apr 2019 00:37:31 +0900
Subject: [PATCH] calendarspec: fix possible integer overflow

Fixes oss-fuzz#14108.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14108
---
 src/shared/calendarspec.c                  | 3 +++
 test/fuzz/fuzz-calendarspec/oss-fuzz-14108 | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 test/fuzz/fuzz-calendarspec/oss-fuzz-14108

diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c
index 7caf7c64c39..d83e7962a65 100644
--- a/src/shared/calendarspec.c
+++ b/src/shared/calendarspec.c
@@ -579,6 +579,9 @@ static int calendarspec_from_time_t(CalendarSpec *c, time_t time) {
         if (!gmtime_r(&time, &tm))
                 return -ERANGE;
 
+        if (tm.tm_year > INT_MAX - 1900)
+                return -ERANGE;
+
         r = const_chain(tm.tm_year + 1900, &year);
         if (r < 0)
                 return r;
diff --git a/test/fuzz/fuzz-calendarspec/oss-fuzz-14108 b/test/fuzz/fuzz-calendarspec/oss-fuzz-14108
new file mode 100644
index 00000000000..6899c23a7e7
--- /dev/null
+++ b/test/fuzz/fuzz-calendarspec/oss-fuzz-14108
@@ -0,0 +1 @@
+@67767992554749550
\ No newline at end of file
-- 
2.47.3
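Review bot: The new guard is correct but carries no explanation, and since gmtime_r() only guarantees that tm_year itself fits in an int (it holds the year minus 1900), a later reader may not see why `tm.tm_year + 1900` on the const_chain line can overflow and could "simplify" the check away. I would add `/* tm_year is year-1900 and may sit within 1900 of INT_MAX; adding 1900 back must not overflow (oss-fuzz#14108) */` directly above the new `if`. INT_MAX requires <limits.h>; the includes are outside this hunk, so confirm it is already in scope rather than relying on a transitive header. The enclosing function calendarspec_from_time_t starts before and continues past the hunk, so any further tm fields it feeds to const_chain are not visible here.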