[njs] Fixed integer-overflow in MakeDay().

[Dmitry Volyntsev]

details:   https://hg.nginx.org/njs/rev/befc2827d2d2
branches:  
changeset: 1648:befc2827d2d2
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Wed Jun 02 13:25:32 2021 +0000
description:
Fixed integer-overflow in MakeDay().

Found by OSS-Fuzz.

diffstat:

 src/njs_date.c           |  7 ++++++-
 src/test/njs_unit_test.c |  3 +++
 2 files changed, 9 insertions(+), 1 deletions(-)

diffs (33 lines):

diff -r de189c66c757 -r befc2827d2d2 src/njs_date.c
--- a/src/njs_date.c	Mon May 31 06:55:34 2021 +0000
+++ b/src/njs_date.c	Wed Jun 02 13:25:32 2021 +0000
@@ -124,10 +124,15 @@ njs_make_day(int64_t yr, int64_t month, 
     double   days;
     int64_t  i, ym, mn, md;
 
+    static const int min_year = -271821;
+    static const int max_year = 275760;
     static const int month_days[] = { 31, 28, 31, 30, 31, 30,
                                       31, 31, 30, 31, 30, 31 };
 
-    if (yr < -271822 || yr > 275761) {
+    if (yr < min_year || yr > max_year
+        || month < (min_year * 12) || month > (max_year * 12)
+        || date < (min_year * 12 * 366) || date > (max_year * 12 * 366))
+    {
         return NAN;
     }
 
diff -r de189c66c757 -r befc2827d2d2 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c	Mon May 31 06:55:34 2021 +0000
+++ b/src/test/njs_unit_test.c	Wed Jun 02 13:25:32 2021 +0000
@@ -15211,6 +15211,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("new Date(NaN)"),
       njs_str("Invalid Date") },
 
+    { njs_str("new Date(0, 9e99)"),
+      njs_str("Invalid Date") },
+
 #ifndef NJS_SUNC
     { njs_str("new Date(-0).getTime()"),
       njs_str("0") },