Help save net neutrality! Learn more.
Close

#578 Two bugs in DateTime allow invalid dates through

closed
5
2012-08-15
2008-11-26
Paul Cowan
No

There are two ways to get an invalid date through the range checking in DateTime.packDate():

1) BC date -- packDate() just checks the year of the date, ignoring the era -- so a date between 9999BC and 1753BC will pass validation
2) Date which overflows a short -- e.g. the year 67536, which will turn into 2000 when cast to a short in DateTime.

I am attaching a testcase and fix for the two issues -- can break this out separately if need be.

Note that this patch is built upon the patch from http://sourceforge.net/tracker2/?func=detail&aid=2181003&group_id=33291&atid=407762 -- I can also make a clean patch if required.

Discussion

  • Paul Cowan

    Paul Cowan - 2008-11-26

    Testcase and patch

     
  • momo

    momo - 2009-08-20

    Thank you for reporting this issues.

    Problem 1 has been fixed in CVS. Problem 2 should be obsolete now, since there is no code path that allows such values to be passed to the DateTime constructor and that constructor isn't public, anyway.

    As a side-effect, the performance penalty introduced with the fix for bug [2181003] has been removed.

     

Log in to post a comment.