Integer overflow in SndToJewish leads to php hang

AT least in (inputDay is long, metonicCycle is int):
   metonicCycle = (inputDay + 310) / 6940;

So large value give strange (negative) results or php hangs.
This is patch already applied in some linux distro.

diff --git a/ext/calendar/jewish.c b/ext/calendar/jewish.c
index f4dc7c35ae57cb63c7f32d0633e2a377c0eb7bd8..1e7a06c8a6dd0d6bf3b24f912a7fd40b53cbef69 100644 (file)
--- a/ext/calendar/jewish.c
+++ b/ext/calendar/jewish.c
@@ -272,6 +272,7 @@
 #define HALAKIM_PER_METONIC_CYCLE (HALAKIM_PER_LUNAR_CYCLE * (12 * 19 + 7))
 
 #define JEWISH_SDN_OFFSET 347997
+#define JEWISH_SDN_MAX 38245310 /* year 103759, 100000 A.D. */
 #define NEW_MOON_OF_CREATION 31524
 
 #define SUNDAY    0
@@ -519,7 +520,7 @@ void SdnToJewish(
        int tishri1After;
        int yearLength;
 
-       if (sdn <= JEWISH_SDN_OFFSET) {
+       if (sdn <= JEWISH_SDN_OFFSET || sdn > JEWISH_SDN_MAX) {
                *pYear = 0;
                *pMonth = 0;
                *pDay = 0;

diff --git a/ext/calendar/tests/jdtojewish64.phpt b/ext/calendar/tests/jdtojewish64.phpt
new file mode 100644 (file)
index 0000000..50f7f33
--- /dev/null
+++ b/ext/calendar/tests/jdtojewish64.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Integer overflow in SndToJewish leads to php hang 
+--SKIPIF--
+<?php 
+include 'skipif.inc';
+if (PHP_INT_SIZE == 4) {
+        die("skip this test is for 64bit platform only");
+}
+?>
+--FILE--
+<?php
+$a = array(38245310, 38245311, 9223372036854743639);
+
+foreach ($a as $x) var_dump(jdtojewish($x));
+--EXPECTF--
+string(11) "2/22/103759"
+string(5) "0/0/0"
+string(5) "0/0/0"