From ba82092e43d4769dbc6f0557d58a243f93542486 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 22 May 2026 19:20:51 +0200
Subject: common: validate PLIST_DATE values before Time64_T conversion

Avoid undefined behavior when serializing malformed PLIST_DATE values
containing NaN, infinity, or values outside the Time64_T range. Add a
shared helper for checked date conversion and use it across writer paths.
---
 src/common.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'src/common.c')

diff --git a/src/common.c b/src/common.c
index 0b11d57..810c2e0 100644
--- a/src/common.c
+++ b/src/common.c
@@ -98,3 +98,18 @@ int num_digits_u(uint64_t i)
     return n;
 }
 #undef PO10u_LIMIT
+
+int plist_real_to_time64(double realval, Time64_T *timev)
+{
+    if (!timev || !isfinite(realval)) {
+        return -1;
+    }
+
+    if (realval < (double)TIME64_MIN - (double)MAC_EPOCH ||
+        realval > (double)TIME64_MAX - (double)MAC_EPOCH) {
+        return -1;
+    }
+
+    *timev = (Time64_T)realval + MAC_EPOCH;
+    return 0;
+}
-- 
cgit v1.1-32-gdbae