picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

shared: fix integer overflow in calendarspec 

Fixes: oss-fuzz#22208

```
test/fuzz/fuzz-calendarspec/oss-fuzz-22208... ../src/shared/calendarspec.c:666:48: runtime error: signed integer overflow: 2147000000 + 1000000 cannot be represented in type 'int'
    #0 0x7f0b9f6cc56a in prepend_component ../src/shared/calendarspec.c:666
    #1 0x7f0b9f6cd03a in parse_chain ../src/shared/calendarspec.c:718
    #2 0x7f0b9f6cea1c in parse_calendar_time ../src/shared/calendarspec.c:845
    #3 0x7f0b9f6d1397 in calendar_spec_from_string ../src/shared/calendarspec.c:1084
    #4 0x401570 in LLVMFuzzerTestOneInput ../src/fuzz/fuzz-calendarspec.c:17
    #5 0x401ae0 in main ../src/fuzz/fuzz-main.c:39
    #6 0x7f0b9e31b1a2 in __libc_start_main (/lib64/libc.so.6+0x271a2)
    #7 0x40122d in _start (/home/fsumsal/repos/systemd/build/fuzz-calendarspec+0x40122d)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/calendarspec.c:666:48 in
```
This commit is contained in:
Frantisek Sumsal 2020-05-15 12:02:43 +02:00 committed by Lennart Poettering
parent 89fe653544
commit c07f18ffd4
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/shared/calendarspec.c
View File

@ -659,6 +659,10 @@ static int prepend_component(const char **p, bool usec, unsigned nesting, Calend
/* If no repeat value is specified for the µs component, then let's explicitly refuse ranges
* below 1s because our default repeat granularity is beyond that. */
/* Overflow check */
if (start > INT_MAX - repeat)
return -ERANGE;
if (usec && stop >= 0 && start + repeat > stop)
return -EINVAL;
}

1
test/fuzz/fuzz-calendarspec/oss-fuzz-22208 Normal file
View File

@ -0,0 +1 @@
4:3:2147..2