1
Subject: Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault).
2
Origin: http://svn.php.net/viewvc?view=revision&revision=306475
6
Patch differs from upstream commit in that the edit to the NEWS file was
7
dropped to reduce patch conflicts.
10
ext/calendar/julian.c | 26 ++++++++++++++++++++------
11
ext/calendar/tests/bug53574.phpt | 35 +++++++++++++++++++++++++++++++++++
12
2 files changed, 55 insertions(+), 6 deletions(-)
14
Index: b/ext/calendar/tests/bug53574.phpt
15
===================================================================
17
+++ b/ext/calendar/tests/bug53574.phpt
20
+Bug #53574 (Integer overflow in SdnToJulian; leads to segfault)
22
+<?php include 'skipif.inc'; ?>
25
+if (PHP_INT_MAX == 0x7FFFFFFF) {
28
+ $x = 3315881921229094912;
31
+var_dump(cal_from_jd($x, CAL_JULIAN));
47
+ string(9) "Wednesday"
54
Index: b/ext/calendar/julian.c
55
===================================================================
56
--- a/ext/calendar/julian.c
57
+++ b/ext/calendar/julian.c
59
**************************************************************************/
64
#define JULIAN_SDN_OFFSET 32083
65
#define DAYS_PER_5_MONTHS 153
66
@@ -164,15 +165,22 @@ void SdnToJulian(
76
- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1;
77
+ /* Check for overflow */
78
+ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) {
81
+ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1);
83
/* Calculate the year and day of year (1 <= dayOfYear <= 366). */
84
- year = temp / DAYS_PER_4_YEARS;
86
+ long yearl = temp / DAYS_PER_4_YEARS;
87
+ if (yearl > INT_MAX || yearl < INT_MIN) {
92
dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1;
94
/* Calculate the month and day of month. */
95
@@ -196,6 +204,12 @@ void SdnToJulian(
107
long int JulianToSdn(