fix: prevent panics from dates which cannot be represented by the time crate (#720)

Byron · Byron · commit 786f6dc5c1f7 · 2023-02-04T20:12:24.000+01:00
diff --git a/git-date/src/parse.rs b/git-date/src/parse.rs
@@ -3,6 +3,8 @@
 pub enum Error {
     #[error("Cannot represent times before UNIX epoch at timestamp {timestamp}")]
     TooEarly { timestamp: i64 },
+    #[error("Could not convert a duration into a date")]
+    RelativeTimeConversion,
     #[error("Date string can not be parsed")]
     InvalidDateString,
     #[error("Dates past 2038 can not be represented.")]
@@ -114,10 +116,13 @@ mod relative {
     pub(crate) fn parse(input: &str, now: Option<SystemTime>) -> Option<Result<OffsetDateTime, Error>> {
         parse_inner(input).map(|offset| {
             let offset = std::time::Duration::from_secs(offset.whole_seconds().try_into()?);
-            now.ok_or(Error::MissingCurrentTime).map(|now| {
-                now.checked_sub(offset)
-                    .expect("BUG: values can't be large enough to cause underflow")
-                    .into()
+            now.ok_or(Error::MissingCurrentTime).and_then(|now| {
+                std::panic::catch_unwind(|| {
+                    now.checked_sub(offset)
+                        .expect("BUG: values can't be large enough to cause underflow")
+                        .into()
+                })
+                .map_err(|_| Error::RelativeTimeConversion)
             })
         })
     }
diff --git a/git-date/tests/time/parse.rs b/git-date/tests/time/parse.rs
@@ -134,9 +134,11 @@ mod relative {
     }
 
     #[test]
-    #[should_panic] // TODO: fix
-    fn large_offsets_can_panic_elsewhere() {
-        git_date::parse("9999999999 weeks ago", Some(std::time::UNIX_EPOCH)).ok();
+    fn large_offsets_do_not_panic() {
+        assert!(matches!(
+            git_date::parse("9999999999 weeks ago", Some(std::time::UNIX_EPOCH)),
+            Err(git_date::parse::Error::RelativeTimeConversion)
+        ));
     }
 
     #[test]
diff --git a/git-revision/tests/spec/parse/mod.rs b/git-revision/tests/spec/parse/mod.rs
@@ -240,7 +240,15 @@ mod fuzz {
 
     #[test]
     fn failures() {
-        for spec in ["|^--", "^^-^", "^^-", ":/!-", "A6a^-09223372036854775808", "^^^^^^-("] {
+        for spec in [
+            "@{6255520 day ago}: ",
+            "|^--",
+            "^^-^",
+            "^^-",
+            ":/!-",
+            "A6a^-09223372036854775808",
+            "^^^^^^-(",
+        ] {
             drop(
                 try_parse_opts(
                     spec,

Original file line number	Diff line number	Diff line change
`@@ -134,9 +134,11 @@ mod relative {`
`134`	`134`	`}`
`135`	`135`
`136`	`136`	`#[test]`
`137`		`- #[should_panic] // TODO: fix`
`138`		`- fn large_offsets_can_panic_elsewhere() {`
`139`		`- git_date::parse("9999999999 weeks ago", Some(std::time::UNIX_EPOCH)).ok();`
	`137`	`+ fn large_offsets_do_not_panic() {`
	`138`	`+ assert!(matches!(`
	`139`	`+ git_date::parse("9999999999 weeks ago", Some(std::time::UNIX_EPOCH)),`
	`140`	`+ Err(git_date::parse::Error::RelativeTimeConversion)`
	`141`	`+ ));`
`140`	`142`	`}`
`141`	`143`
`142`	`144`	`#[test]`