Integer overflow in SndToJewish leads to php hang

AT least in (inputDay is long, metonicCycle is int): metonicCycle = (inputDay + 310) / 6940; So large value give strange (negative) results or php hangs. This is patch already applied in some linux distro.
2024-11-24 10:24:11 +08:00 · 2013-05-21 18:04:17 +02:00 · 2013-05-21 18:04:17 +02:00 · 4828f7343b
commit 4828f7343b
parent 46b05bc57a
2 changed files with 20 additions and 1 deletions
--- a/ext/calendar/jewish.c
+++ b/ext/calendar/jewish.c
@ -272,6 +272,7 @@
 #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7))

 #define JEWISH_SDN_OFFSET 347997
+#define JEWISH_SDN_MAX 38245310 /* year 103759, 100000 A.D. */
 #define NEW_MOON_OF_CREATION 31524

 #define SUNDAY    0
@ -519,7 +520,7 @@ void SdnToJewish(
 	int tishri1After;
 	int yearLength;

-	if (sdn <= JEWISH_SDN_OFFSET) {
+	if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) {
 		*pYear = 0;
 		*pMonth = 0;
 		*pDay = 0;
--- a/ext/calendar/tests/jdtojewish64.phpt
+++ b/ext/calendar/tests/jdtojewish64.phpt
@ -0,0 +1,18 @@
+--TEST--
+Integer overflow in SndToJewish leads to php hang 
+--SKIPIF--
+<?php 
+include 'skipif.inc';
+if (PHP_INT_SIZE == 4) {
+        die("skip this test is for 64bit platform only");
+}
+?>
+--FILE--
+<?php
+$a = array(38245310, 38245311, 9223372036854743639);
+
+foreach ($a as $x) var_dump(jdtojewish($x));
+--EXPECTF--
+string(11) "2/22/103759"
+string(5) "0/0/0"
+string(5) "0/0/0"