OSSFuzz Bug Fix #1203
OSSFuzz Bug Fix #1203
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
Could we include a test case for this scenario as well? |
|
@Gallaecio Good evening, we just pushed a test case to go with the change. It utilizes the same settings and args that caused the bug during fuzzing to ensure that this bug is not reintroduced down the line. Thank you! |
dateparser/parser.py
Outdated
| dateobj_time = None | ||
| if tz: | ||
| try: | ||
| dateobj_time = (dateobj - tz.utcoffset(dateobj)).time() | ||
| except pytz.InvalidTimeError: | ||
| pass | ||
|
|
||
| if not dateobj_time: | ||
| dateobj_time = dateobj.time() |
There was a problem hiding this comment.
This code looks like a no-op at the moment, it defines a dateobj_time variable that is never used.
|
@Gallaecio It looks like someone updated the same function and merged to main since this fix, which caused a merge conflict that was not resolved correctly. This latest commit actually handles the bug |
This pull request fixes a crash encountered during OSSFuzz continuous fuzzing. Previously, an InvalidTimeError exception in pytz's UTC offset when processing 01-01-1970 0400 would cause parsing to exit prematurely. This fix catches the exception and resolves dateobj_time the secondary way.
Additionally, to detect bugs prior to them being merged into the codebase, the CIFuzz.yml job that comes with OSSFuzz is proposed in this PR. With this, each PR will be fuzz-tested as part of the CI workflow.
Thank you for your time and your review!