basic/calendarspec: add check for repeat values that would overflow
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 19 Mar 2018 08:21:02 +0000 (09:21 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 20 Mar 2018 23:46:13 +0000 (00:46 +0100)
https://oss-fuzz.com/v2/issue/4651449704251392/7004

src/basic/calendarspec.c
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004 [new file with mode: 0644]
test/fuzz-regressions/meson.build

index 648ac29..029fd9f 100644 (file)
@@ -187,6 +187,8 @@ int calendar_spec_normalize(CalendarSpec *c) {
 }
 
 _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_of_month) {
+        assert(to >= from);
+
         if (!c)
                 return true;
 
@@ -197,6 +199,10 @@ _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_
         if (c->start < from || c->start > to)
                 return false;
 
+        /* Avoid overly large values that could cause overflow */
+        if (c->repeat > to - from)
+                return false;
+
         /*
          * c->repeat must be short enough so at least one repetition may
          * occur before the end of the interval.  For dates scheduled
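Review bot: The comment added above `if (c->repeat > to - from)` does not say which computation overflows, so the reason for this particular bound is left for the reader to work out. Going by the regression input `*-31/2147483640`, the case is a start of 31 plus that repeat exceeding INT_MAX, presumably in the check that follows the block comment below (that code is outside this hunk). I would spell it out, e.g. `/* Reject repeats longer than the interval, so that c->start + c->repeat below cannot overflow int */`. The subtraction `to - from` is itself signed arithmetic, and the `assert(to >= from)` added in the first hunk does not bound it if a caller ever passes a negative `from` with a very large `to`; a one-line comment at the function head stating the expected ranges of `from` and `to` would cover that. Whether a negative `c->repeat` can reach this point is not visible here and is worth confirming against the parser.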
diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004
new file mode 100644 (file)
index 0000000..77a5e5e
--- /dev/null
@@ -0,0 +1,3 @@
+timer
+[Timer]
+OnCalendar=*-31/2147483640
\ No newline at end of file
index d36a357..7782286 100644 (file)
@@ -37,4 +37,5 @@ fuzz_regression_tests = '''
         fuzz-unit-file/oss-fuzz-6908
         fuzz-unit-file/oss-fuzz-6897
         fuzz-unit-file/oss-fuzz-6897-evverx
+        fuzz-unit-file/oss-fuzz-7004
 '''.split()