Fix GH-16228 overflow on easter_days/easter_date year argument. #16241
Conversation
ext/calendar/easter.c
Outdated
| @@ -48,6 +48,11 @@ static void _cal_easter(INTERNAL_FUNCTION_PARAMETERS, bool gm) | |||
| } | |||
| } | |||
|
|
|||
| if (year < 0 || year > (ZEND_LONG_MAX - 1)) { | |||
There was a problem hiding this comment.
The computation dom = (year + (year/4) - (year/100) + (year/400)) % 7 can still overflow.
Also, year 0 does not exist.
ext/calendar/easter.c
Outdated
| @@ -28,6 +28,7 @@ static void _cal_easter(INTERNAL_FUNCTION_PARAMETERS, bool gm) | |||
| struct tm te; | |||
| zend_long year, golden, solar, lunar, pfm, dom, tmp, easter, result; | |||
| zend_long method = CAL_EASTER_DEFAULT; | |||
| const double max_year = (double)(ZEND_LONG_MAX / 1.25); | |||
There was a problem hiding this comment.
The double cast is not necessary.
There was a problem hiding this comment.
How did you come to the conclusion to divide by 1.25?
There was a problem hiding this comment.
because year + (year/4) = 1.25*year;
There was a problem hiding this comment.
Ah, and because - (year/100) + (year/400) must be less than 0 this is indeed sufficient of course. This is right.
ext/calendar/easter.c
Outdated
| if (year < 0 || year > (ZEND_LONG_MAX - 1)) { | ||
| zend_argument_value_error(1, "must be between 0 and " ZEND_LONG_FMT, (ZEND_LONG_MAX - 1)); | ||
| if (year <= 0 || (double)year > max_year) { | ||
| zend_argument_value_error(1, "must be between 1 and " ZEND_LONG_FMT, (zend_long)max_year); |
There was a problem hiding this comment.
(zend_long)max_year can also be UB because it's not necessarily representable?
|
@devnexen This patch will work, I just missed some details sorry. I think however it's nicer if we avoid the double and only use zend_long. |
No description provided.