Closed Bug 405650 Opened 12 years ago Closed 11 years ago
Integer overflow during creating custom reminders
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:18.104.22.168pre) Gecko/2007112703 Calendar/0.8pre The Custom Reminder dialog allows entering arbitrary values for the minutes/hours/days. Entering values greater than 32767 results in an integer overflow in the resulting trigger duration. Example: Entered values for X minutes before the event starts: | Entry in exported .ics file: | | Displayed entry in dialog upon editing: | | | 24671 DURATION:-P17DT3H11M ok (24671 minutes before the event starts) 32767 DURATION:-P22DT18H7M ok (32767 minutes before the event starts) 32768 DURATION:P22DT18H8M not ok (32768 minutes after the event starts) 43210 DURATION:P15DT12H6M not ok (22326 minutes after the event starts) 65535 DURATION:PT1M not ok (1 minute after the event starts) 65536 DURATION:PT0S not ok (0 day after the event starts) Expected Results: Either the integer overflow must be handled to allow such arbitrary values or the input should be limited to a valid range. The latter solution is already used in the Custom Recurrence dialog.
Additional information: If "minutes" or "hours" are selected the issue happens at a value of 32768. This looks like a short integer overflow (max. short value 32767, 0x7FFF). If "days" is selected the issue already happens at a value of 24856. This looks like a long integer overflow of the value converted to seconds (24856 days == 2147558400 seconds.) (max. long value 2147483647, 0x7FFFFFFF). What would be a sufficient limitation of the allowed range? In my opinion 20160 might be a good value because it would allow to specify an reminder within 14 days with one minute precision. or 120 days with one hour precision.
Version: Mozilla 1.8 Branch → unspecified
Assignee: nobody → ssitter
Status: NEW → ASSIGNED
Attachment #349563 - Flags: review?(daniel.boelzle)
Comment on attachment 349563 [details] [diff] [review] proposed fix Looks good to me, r=philipp
Attachment #349563 - Flags: review?(daniel.boelzle) → review+
Checked in: http://hg.mozilla.org/comm-central/rev/585097dc9df5 Please change status/fields appropriate.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 1.0
These bugs are likely targeted at Lightning 1.0b1, not Lightning 1.0. If this change was done in error, please adjust the target milestone to its correct value. To filter on this bugspam, you can use "lightning-10-target-move".
Target Milestone: 1.0 → 1.0b1
You need to log in before you can comment on or make changes to this bug.