From 308dc969c41cee84b1b7c24fbadb7e27104fc500 Mon Sep 17 00:00:00 2001
From: Sami Vaarala
Date: Sat, 4 Aug 2018 00:03:36 +0300
Subject: [PATCH 1/2] Fix some unchecked Windows date provider retvals
---
 src-input/duk_bi_date_windows.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src-input/duk_bi_date_windows.c b/src-input/duk_bi_date_windows.c
index 4b15917eeb..9d8e05923a 100644
--- a/src-input/duk_bi_date_windows.c
+++ b/src-input/duk_bi_date_windows.c
@@ -96,6 +96,7 @@ DUK_INTERNAL duk_int_t duk_bi_date_get_local_tzoffset_windows(duk_double_t d) {
 ULARGE_INTEGER tmp2;
 ULARGE_INTEGER tmp3;
 FILETIME ft1;
+ BOOL ret;
 /* XXX: handling of timestamps outside Windows supported range.
 * How does Windows deal with dates before 1600? Does windows
@@ -115,7 +116,11 @@ DUK_INTERNAL duk_int_t duk_bi_date_get_local_tzoffset_windows(duk_double_t d) {
 ft1.dwLowDateTime = tmp2.LowPart;
 ft1.dwHighDateTime = tmp2.HighPart;
- FileTimeToSystemTime((const FILETIME *) &ft1, &st2);
+ ret = FileTimeToSystemTime((const FILETIME *) &ft1, &st2);
+ if (!ret) {
+ DUK_D(DUK_DPRINT("FileTimeToSystemTime() failed, return tzoffset 0"));
+ return 0;
+ }
 if (SystemTimeToTzSpecificLocalTime((LPTIME_ZONE_INFORMATION) NULL, &st2, &st3) == 0) {
 DUK_D(DUK_DPRINT("SystemTimeToTzSpecificLocalTime() failed, return tzoffset 0"));
 return 0;
@@ -135,6 +140,7 @@ DUK_INTERNAL duk_int_t duk_bi_date_get_local_tzoffset_windows_no_dst(duk_double_
 FILETIME ft2;
 ULARGE_INTEGER tmp1;
 ULARGE_INTEGER tmp2;
+ BOOL ret;
 /* Do a similar computation to duk_bi_date_get_local_tzoffset_windows
 * but without accounting for daylight savings time. Use this on
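Review bot: The `if (!ret)` branch added after `FileTimeToSystemTime()` in duk_bi_date_get_local_tzoffset_windows() (the `@@ -115,7 +116,11 @@` hunk) returns 0 without a comment saying why the check exists or what 0 means to the caller. Going by the commit's own release note, the risk was using `st2` after a failed call, so a line such as `/* st2 is not usable if the call failed; return 0 rather than pass uninitialized data on. */` above the branch would keep a later cleanup from removing it. A zero offset is also what a host running in UTC legitimately returns, and the only trace of the failure is the `DUK_D(DUK_DPRINT(...))` line, which presumably compiles away outside debug builds, so the function's documentation should say that 0 doubles as the failure fallback. The same applies to the two checks added in the `@@ -150,9 +156,17 @@` hunk; both function bodies start and end outside their hunks.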
@@ -150,9 +156,17 @@ DUK_INTERNAL duk_int_t duk_bi_date_get_local_tzoffset_windows_no_dst(duk_double_
 ft1.dwLowDateTime = tmp1.LowPart;
 ft1.dwHighDateTime = tmp1.HighPart;
- FileTimeToLocalFileTime((const FILETIME *) &ft1, &ft2);
+ ret = FileTimeToLocalFileTime((const FILETIME *) &ft1, &ft2);
+ if (!ret) {
+ DUK_D(DUK_DPRINT("FileTimeToLocalFileTime() failed, return tzoffset 0"));
+ return 0;
+ }
- FileTimeToSystemTime((const FILETIME *) &ft2, &st2);
+ ret = FileTimeToSystemTime((const FILETIME *) &ft2, &st2);
+ if (!ret) {
+ DUK_D(DUK_DPRINT("FileTimeToSystemTime() failed, return tzoffset 0"));
+ return 0;
+ }
 duk__convert_systime_to_ularge((const SYSTEMTIME *) &st2, &tmp2);
 return (duk_int_t) (((LONGLONG) tmp2.QuadPart - (LONGLONG) tmp1.QuadPart) / DUK_I64_CONSTANT(10000000)); /* seconds */
From 5af0c441e47954d49d340b163be21a8bed70bc3e Mon Sep 17 00:00:00 2001
From: Sami Vaarala
Date: Sat, 4 Aug 2018 00:07:36 +0300
Subject: [PATCH 2/2] Releases: Windows Date provider uninit data fix
---
 RELEASES.rst | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/RELEASES.rst b/RELEASES.rst
index a51339ad6f..7876319ee2 100644
--- a/RELEASES.rst
+++ b/RELEASES.rst
@@ -3364,6 +3364,9 @@ Planned
 * Fix 'defined but not used' warning for Windows (GH-1775)
+* Fix potential uninitialized data use when Windows Date provider
+ FileTimeToSystemTime() or FileTimeToLocalFileTime() failed (GH-1953)
+
 * Fix some Clang warnings by avoiding undefined behavior by default, define DUK_USE_ALLOW_UNDEFINED_BEHAVIOR to reduce the explicit undefined behavior checks for better footprint/performance (GH-1777, GH-1795, GH-1796, GH-1797,
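Review bot: In duk_bi_date_get_local_tzoffset_windows_no_dst() (the `@@ -150,9 +156,17 @@` hunk of src-input/duk_bi_date_windows.c) both new checks go through a `BOOL ret` temporary and `if (!ret)`, while the existing `SystemTimeToTzSpecificLocalTime()` check in the same file tests the call inline against 0. Writing the new ones the same way, e.g. `if (FileTimeToLocalFileTime((const FILETIME *) &ft1, &ft2) == 0) {`, keeps a single idiom for Win32 return-value checks, which makes a call that is still unchecked easier to spot in review. It also makes the added `BOOL ret;` declarations unnecessary; the check added in duk_bi_date_get_local_tzoffset_windows() could follow suit. The function body starts and ends outside the hunk.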