Chromium

A typo

V547 / CWE-571 Expression ‘time.month <= kDaysInMonth[time.month] + 1’ is always true. time.cc 83

V547 / CWE-571 Expression ‘time.month <= kDaysInMonth[time.month]’ is always true. time.cc 85

This error is found in the Protocol Buffers (protobuf) library used by Chromium. Protocol Buffers is a protocol for serializing structured data developed by Google as a smaller and faster binary alternative to the XML text format.

A typo breaks the ValidateDateTime function used for date validation in the Protocol Buffers library. Let’s look into the code of the function.

static const int kDaysInMonth[13] = {
  0, 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};

bool ValidateDateTime(const DateTime& time) {
  if (time.year < 1 || time.year > 9999 ||
      time.month < 1 || time.month > 12 ||
      time.day < 1 || time.day > 31 ||
      time.hour < 0 || time.hour > 23 ||
      time.minute < 0 || time.minute > 59 ||
      time.second < 0 || time.second > 59) {
    return false;
  }
  if (time.month == 2 && IsLeapYear(time.year)) {
    return time.month <= kDaysInMonth[time.month] + 1;
  } else {
    return time.month <= kDaysInMonth[time.month];
  }
}

Its code contains a typo that makes the check of the day value incorrect. If you look closely, you’ll notice that what is compared with the maximum number of days in the month is the month value, not day value, from the date passed to the function.

Here it is again:

if (time.month == 2 && IsLeapYear(time.year)) {
  return time.month <= kDaysInMonth[time.month] + 1;
} else {
  return time.month <= kDaysInMonth[time.month];
}

What should be used in the comparison "time.month <=" is the structure member day, not month. It means the correct version should look like this:

if (time.month == 2 && IsLeapYear(time.year)) {
  return time.day <= kDaysInMonth[time.month] + 1;
} else {
  return time.day <= kDaysInMonth[time.month];
}

The month value (1 through 12) is, of course, always less than the number of days in any month.

Because of that, such dates as February 31 or November 31 will be treated as correct.

Please click here to see more bugs from this project.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.