From 80894d87d5aaeb238074c584fe896c9d49ce291d Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sun, 17 Nov 2024 08:47:46 +0000 Subject: [PATCH] Fix GH-16834: cal_from_jd overflow on julian_day argument. close GH-16836 --- NEWS | 1 + ext/calendar/gregor.c | 5 +++++ ext/calendar/tests/gh16834.phpt | 31 +++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 ext/calendar/tests/gh16834.phpt diff --git a/NEWS b/NEWS index ee2e49499205b..c81066f90e6e0 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,7 @@ PHP NEWS - Calendar: . Fixed jdtogregorian overflow. (David Carlier) + . Fixed cal_to_jd julian_days argument overflow. (David Carlier) - Core: . Fail early in *nix configuration build script. (hakre) diff --git a/ext/calendar/gregor.c b/ext/calendar/gregor.c index 17dc6db0e6315..3aef7ae6ac505 100644 --- a/ext/calendar/gregor.c +++ b/ext/calendar/gregor.c @@ -162,6 +162,11 @@ void SdnToGregorian( /* Calculate the year and day of year (1 <= dayOfYear <= 366). */ temp = ((temp % DAYS_PER_400_YEARS) / 4) * 4 + 3; + + if (century > ((INT_MAX / 100) - (temp / DAYS_PER_4_YEARS))) { + goto fail; + } + year = (century * 100) + (temp / DAYS_PER_4_YEARS); dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1; diff --git a/ext/calendar/tests/gh16834.phpt b/ext/calendar/tests/gh16834.phpt new file mode 100644 index 0000000000000..ea9b8d0079a81 --- /dev/null +++ b/ext/calendar/tests/gh16834.phpt @@ -0,0 +1,31 @@ +--TEST-- +GH-16834 (cal_from_jd from julian_day argument) +--EXTENSIONS-- +calendar +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +array(9) { + ["date"]=> + string(5) "0/0/0" + ["month"]=> + int(0) + ["day"]=> + int(0) + ["year"]=> + int(0) + ["dow"]=> + int(%d) + ["abbrevdayname"]=> + string(3) "%s" + ["dayname"]=> + string(9) "%s" + ["abbrevmonth"]=> + string(0) "" + ["monthname"]=> + string(0) "" +}