summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam M. Brack <wbrack@src.gnome.org>2004-09-18 06:18:55 +0000
committerWilliam M. Brack <wbrack@src.gnome.org>2004-09-18 06:18:55 +0000
commit0c2bd2e660a3bdd4a443a51132b65db272819acd (patch)
treea655f282f88f812e71f219d24906fe1f0b7e6f9a
parent76e92b0a34fdbac418fb20b724d51eae028e1215 (diff)
downloadlibxslt-0c2bd2e660a3bdd4a443a51132b65db272819acd.tar.gz
libxslt-0c2bd2e660a3bdd4a443a51132b65db272819acd.tar.bz2
libxslt-0c2bd2e660a3bdd4a443a51132b65db272819acd.zip
enhanced validation of date-time to catch bit-field overflow (bug 152836)
* libexslt/date.c: enhanced validation of date-time to catch bit-field overflow (bug 152836) * tests/exslt/date/date.2.*, tests/exslt/time.2.*: added test cases for above
Diffstat
-rw-r--r--ChangeLog7
-rw-r--r--libexslt/date.c38
-rw-r--r--tests/exslt/date/date.2.out36
-rw-r--r--tests/exslt/date/date.2.xml2
-rw-r--r--tests/exslt/date/time.2.out54
-rw-r--r--tests/exslt/date/time.2.xml3
6 files changed, 120 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index 66dc945b..87ae6ed1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Fri Sep 17 23:15:33 PDT 2004 William Brack <wbrack@mmm.com.hk>
+
+ * libexslt/date.c: enhanced validation of date-time to catch
+ bit-field overflow (bug 152836)
+ * tests/exslt/date/date.2.*, tests/exslt/time.2.*: added test
+ cases for above
+
Tue Sep 7 18:04:55 PDT 2004 William Brack <wbrack@mmm.com.hk>
* libxslt/numbers.c: further refinement to UTF8 pattern
diff --git a/libexslt/date.c b/libexslt/date.c
index 64c34a54..8863fa79 100644
--- a/libexslt/date.c
+++ b/libexslt/date.c
@@ -132,6 +132,7 @@ struct _exsltDateVal {
#define IS_TZO_CHAR(c) \
((c == 0) || (c == 'Z') || (c == '+') || (c == '-'))
+#define VALID_ALWAYS(num) (num >= 0)
#define VALID_YEAR(yr) (yr != 0)
#define VALID_MONTH(mon) ((mon >= 1) && (mon <= 12))
/* VALID_DAY should only be used when month is unknown */
@@ -277,6 +278,7 @@ _exsltDateParseGYear (exsltDateValDatePtr dt, const xmlChar **str)
* PARSE_2_DIGITS:
* @num: the integer to fill in
* @cur: an #xmlChar *
+ * @func: validation function for the number
* @invalid: an integer
*
* Parses a 2-digits integer and updates @num with the value. @cur is
@@ -284,12 +286,18 @@ _exsltDateParseGYear (exsltDateValDatePtr dt, const xmlChar **str)
* In case of error, @invalid is set to %TRUE, values of @num and
* @cur are undefined.
*/
-#define PARSE_2_DIGITS(num, cur, invalid) \
+#define PARSE_2_DIGITS(num, cur, func, invalid) \
if ((cur[0] < '0') || (cur[0] > '9') || \
(cur[1] < '0') || (cur[1] > '9')) \
invalid = 1; \
- else \
- num = (cur[0] - '0') * 10 + (cur[1] - '0'); \
+ else { \
+ int val; \
+ val = (cur[0] - '0') * 10 + (cur[1] - '0'); \
+ if (!func(val)) \
+ invalid = 2; \
+ else \
+ num = val; \
+ } \
cur += 2;
/**
@@ -319,7 +327,7 @@ _exsltDateParseGYear (exsltDateValDatePtr dt, const xmlChar **str)
* @cur are undefined.
*/
#define PARSE_FLOAT(num, cur, invalid) \
- PARSE_2_DIGITS(num, cur, invalid); \
+ PARSE_2_DIGITS(num, cur, VALID_ALWAYS, invalid); \
if (!invalid && (*cur == '.')) { \
double mult = 1; \
cur++; \
@@ -372,13 +380,10 @@ _exsltDateParseGMonth (exsltDateValDatePtr dt, const xmlChar **str)
const xmlChar *cur = *str;
int ret = 0;
- PARSE_2_DIGITS(dt->mon, cur, ret);
+ PARSE_2_DIGITS(dt->mon, cur, VALID_MONTH, ret);
if (ret != 0)
return ret;
- if (!VALID_MONTH(dt->mon))
- return 2;
-
*str = cur;
#ifdef DEBUG_EXSLT_DATE
@@ -417,13 +422,10 @@ _exsltDateParseGDay (exsltDateValDatePtr dt, const xmlChar **str)
const xmlChar *cur = *str;
int ret = 0;
- PARSE_2_DIGITS(dt->day, cur, ret);
+ PARSE_2_DIGITS(dt->day, cur, VALID_DAY, ret);
if (ret != 0)
return ret;
- if (!VALID_DAY(dt->day))
- return 2;
-
*str = cur;
#ifdef DEBUG_EXSLT_DATE
@@ -481,7 +483,7 @@ _exsltDateParseTime (exsltDateValDatePtr dt, const xmlChar **str)
unsigned int hour = 0; /* use temp var in case str is not xs:time */
int ret = 0;
- PARSE_2_DIGITS(hour, cur, ret);
+ PARSE_2_DIGITS(hour, cur, VALID_HOUR, ret);
if (ret != 0)
return ret;
@@ -492,7 +494,7 @@ _exsltDateParseTime (exsltDateValDatePtr dt, const xmlChar **str)
/* the ':' insures this string is xs:time */
dt->hour = hour;
- PARSE_2_DIGITS(dt->min, cur, ret);
+ PARSE_2_DIGITS(dt->min, cur, VALID_MIN, ret);
if (ret != 0)
return ret;
@@ -574,11 +576,9 @@ _exsltDateParseTimeZone (exsltDateValDatePtr dt, const xmlChar **str)
cur++;
- PARSE_2_DIGITS(tmp, cur, ret);
+ PARSE_2_DIGITS(tmp, cur, VALID_HOUR, ret);
if (ret != 0)
return ret;
- if (!VALID_HOUR(tmp))
- return 2;
if (*cur != ':')
return 1;
@@ -586,11 +586,9 @@ _exsltDateParseTimeZone (exsltDateValDatePtr dt, const xmlChar **str)
dt->tzo = tmp * 60;
- PARSE_2_DIGITS(tmp, cur, ret);
+ PARSE_2_DIGITS(tmp, cur, VALID_MIN, ret);
if (ret != 0)
return ret;
- if (!VALID_MIN(tmp))
- return 2;
dt->tzo += tmp;
if (isneg)
diff --git a/tests/exslt/date/date.2.out b/tests/exslt/date/date.2.out
index bf52b7a1..7c7c4cd4 100644
--- a/tests/exslt/date/date.2.out
+++ b/tests/exslt/date/date.2.out
@@ -91,3 +91,39 @@
hour-in-day : NaN
minute-in-hour : NaN
second-in-minute : NaN
+
+ Test Date : 0001-99-01
+ year : NaN
+ leap-year : NaN
+ month-in-year : NaN
+ month-name :
+ month-abbreviation :
+ week-in-year : NaN
+ day-in-year : NaN
+ day-in-month : NaN
+ day-of-week-in-month : NaN
+ day-in-week : NaN
+ day-name :
+ day-abbreviation :
+ time :
+ hour-in-day : NaN
+ minute-in-hour : NaN
+ second-in-minute : NaN
+
+ Test Date : 0001-01-99
+ year : NaN
+ leap-year : NaN
+ month-in-year : NaN
+ month-name :
+ month-abbreviation :
+ week-in-year : NaN
+ day-in-year : NaN
+ day-in-month : NaN
+ day-of-week-in-month : NaN
+ day-in-week : NaN
+ day-name :
+ day-abbreviation :
+ time :
+ hour-in-day : NaN
+ minute-in-hour : NaN
+ second-in-minute : NaN
diff --git a/tests/exslt/date/date.2.xml b/tests/exslt/date/date.2.xml
index 183504b3..2b0fb9a9 100644
--- a/tests/exslt/date/date.2.xml
+++ b/tests/exslt/date/date.2.xml
@@ -7,5 +7,7 @@
<date date="0001-12-32Z"/>
<date date="0001-13-01"/>
<date date="0001-11-00"/>
+ <date date="0001-99-01"/>
+ <date date="0001-01-99"/>
</page>
diff --git a/tests/exslt/date/time.2.out b/tests/exslt/date/time.2.out
index 2a1ee01d..e14b6f87 100644
--- a/tests/exslt/date/time.2.out
+++ b/tests/exslt/date/time.2.out
@@ -163,3 +163,57 @@
hour-in-day : NaN
minute-in-hour : NaN
second-in-minute : NaN
+
+ Test Date : 99:00:00
+ year : NaN
+ leap-year : NaN
+ month-in-year : NaN
+ month-name :
+ month-abbreviation :
+ week-in-year : NaN
+ day-in-year : NaN
+ day-in-month : NaN
+ day-of-week-in-month : NaN
+ day-in-week : NaN
+ day-name :
+ day-abbreviation :
+ time :
+ hour-in-day : NaN
+ minute-in-hour : NaN
+ second-in-minute : NaN
+
+ Test Date : 00:99:00
+ year : NaN
+ leap-year : NaN
+ month-in-year : NaN
+ month-name :
+ month-abbreviation :
+ week-in-year : NaN
+ day-in-year : NaN
+ day-in-month : NaN
+ day-of-week-in-month : NaN
+ day-in-week : NaN
+ day-name :
+ day-abbreviation :
+ time :
+ hour-in-day : NaN
+ minute-in-hour : NaN
+ second-in-minute : NaN
+
+ Test Date : 00:00:99
+ year : NaN
+ leap-year : NaN
+ month-in-year : NaN
+ month-name :
+ month-abbreviation :
+ week-in-year : NaN
+ day-in-year : NaN
+ day-in-month : NaN
+ day-of-week-in-month : NaN
+ day-in-week : NaN
+ day-name :
+ day-abbreviation :
+ time :
+ hour-in-day : NaN
+ minute-in-hour : NaN
+ second-in-minute : NaN
diff --git a/tests/exslt/date/time.2.xml b/tests/exslt/date/time.2.xml
index 0db9cb4b..d6f19efc 100644
--- a/tests/exslt/date/time.2.xml
+++ b/tests/exslt/date/time.2.xml
@@ -11,5 +11,8 @@
<date date="24:00:00"/>
<date date="00:60:00"/>
<date date="00:00:60"/>
+ <date date="99:00:00"/>
+ <date date="00:99:00"/>
+ <date date="00:00:99"/>
</page>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 16:23:33 +0000