From 395389aa151b3daba15d6f3d1785fbefb8eda5d7 Mon Sep 17 00:00:00 2001
From: Kevin Backhouse <kevinbackhouse@github.com>
Date: Sun, 12 Sep 2021 22:48:24 +0100
Subject: [PATCH] Add more checks to prevent integer overflow.

---
 test/data/issue_1901_poc1.xmp                 |  1 +
 ...issue_1901_poc.xmp => issue_1901_poc2.xmp} |  0
 test/data/issue_1901_poc3.xmp                 |  1 +
 test/data/issue_1901_poc4.xmp                 |  1 +
 tests/bugfixes/github/test_issue_1901.py      | 95 +++++++++++++++++--
 xmpsdk/src/XMPUtils.cpp                       | 13 ++-
 6 files changed, 100 insertions(+), 11 deletions(-)
 create mode 100644 test/data/issue_1901_poc1.xmp
 rename test/data/{issue_1901_poc.xmp => issue_1901_poc2.xmp} (100%)
 create mode 100644 test/data/issue_1901_poc3.xmp
 create mode 100644 test/data/issue_1901_poc4.xmp

diff --git a/test/data/issue_1901_poc1.xmp b/test/data/issue_1901_poc1.xmp
new file mode 100644
index 00000000..7e8edbf9
--- /dev/null
+++ b/test/data/issue_1901_poc1.xmp
@@ -0,0 +1 @@
+<x:xmpmeta xmlns:x=" "><rdf:RDF xmlns:rdf=" "><rdf:Description xmlns:xmp="a"><xmp:CreateDate>-9223372036854775807</xmp:CreateDate></rdf:Description></rdf:RDF></x:xmpmeta>
\ No newline at end of file
diff --git a/test/data/issue_1901_poc.xmp b/test/data/issue_1901_poc2.xmp
similarity index 100%
rename from test/data/issue_1901_poc.xmp
rename to test/data/issue_1901_poc2.xmp
diff --git a/test/data/issue_1901_poc3.xmp b/test/data/issue_1901_poc3.xmp
new file mode 100644
index 00000000..6e9e16eb
--- /dev/null
+++ b/test/data/issue_1901_poc3.xmp
@@ -0,0 +1 @@
+<x:xmpmeta xmlns:x=" "><rdf:RDF xmlns:rdf=" "><rdf:Description xmlns:xmp="a"><xmp:CreateDate>2147483650</xmp:CreateDate></rdf:Description></rdf:RDF></x:xmpmeta>
\ No newline at end of file
diff --git a/test/data/issue_1901_poc4.xmp b/test/data/issue_1901_poc4.xmp
new file mode 100644
index 00000000..4aa754ce
--- /dev/null
+++ b/test/data/issue_1901_poc4.xmp
@@ -0,0 +1 @@
+<x:xmpmeta xmlns:x=" "><rdf:RDF xmlns:rdf=" "><rdf:Description xmlns:xmp="a"><xmp:CreateDate>2021</xmp:CreateDate></rdf:Description></rdf:RDF></x:xmpmeta>
\ No newline at end of file
diff --git a/tests/bugfixes/github/test_issue_1901.py b/tests/bugfixes/github/test_issue_1901.py
index ff485e6a..4c98e950 100644
--- a/tests/bugfixes/github/test_issue_1901.py
+++ b/tests/bugfixes/github/test_issue_1901.py
@@ -9,11 +9,16 @@ class XMPUtilsSetTimeZoneIntegerOverflow(metaclass=CaseMeta):
     """
     url = "https://github.com/Exiv2/exiv2/issues/1901"
 
-    filename = path("$data_path/issue_1901_poc.xmp")
-    commands = ["$exiv2 $filename"]
-    stderr = ["""Warning: Unsupported date format
-"""]
-    stdout = ["""File name       : $filename
+    filename1 = path("$data_path/issue_1901_poc1.xmp")
+    filename2 = path("$data_path/issue_1901_poc2.xmp")
+    filename3 = path("$data_path/issue_1901_poc3.xmp")
+    filename4 = path("$data_path/issue_1901_poc4.xmp")
+    commands = ["$exiv2 -q $filename1",
+                "$exiv2 -q $filename2",
+                "$exiv2 -q $filename3",
+                "$exiv2 -q $filename4"]
+    stderr = ["", "", "", ""]
+    stdout = ["""File name       : $filename1
 File size       : 170 Bytes
 MIME type       : application/rdf+xml
 Image size      : 0 x 0
@@ -38,5 +43,83 @@ White balance   :
 Copyright       : 
 Exif comment    : 
 
+""",
+              """File name       : $filename2
+File size       : 170 Bytes
+MIME type       : application/rdf+xml
+Image size      : 0 x 0
+Thumbnail       : None
+Camera make     : 
+Camera model    : 
+Image timestamp : 
+File number     : 
+Exposure time   : 
+Aperture        : 
+Exposure bias   : 
+Flash           : 
+Flash bias      : 
+Focal length    : 
+Subject distance: 
+ISO speed       : 
+Exposure mode   : 
+Metering mode   : 
+Macro mode      : 
+Image quality   : 
+White balance   : 
+Copyright       : 
+Exif comment    : 
+
+""",
+              """File name       : $filename3
+File size       : 160 Bytes
+MIME type       : application/rdf+xml
+Image size      : 0 x 0
+Thumbnail       : None
+Camera make     : 
+Camera model    : 
+Image timestamp : 
+File number     : 
+Exposure time   : 
+Aperture        : 
+Exposure bias   : 
+Flash           : 
+Flash bias      : 
+Focal length    : 
+Subject distance: 
+ISO speed       : 
+Exposure mode   : 
+Metering mode   : 
+Macro mode      : 
+Image quality   : 
+White balance   : 
+Copyright       : 
+Exif comment    : 
+
+""",
+              """File name       : $filename4
+File size       : 154 Bytes
+MIME type       : application/rdf+xml
+Image size      : 0 x 0
+Thumbnail       : None
+Camera make     : 
+Camera model    : 
+Image timestamp : 
+File number     : 
+Exposure time   : 
+Aperture        : 
+Exposure bias   : 
+Flash           : 
+Flash bias      : 
+Focal length    : 
+Subject distance: 
+ISO speed       : 
+Exposure mode   : 
+Metering mode   : 
+Macro mode      : 
+Image quality   : 
+White balance   : 
+Copyright       : 
+Exif comment    : 
+
 """]
-    retval = [0]
+    retval = [0, 0, 0, 0]
diff --git a/xmpsdk/src/XMPUtils.cpp b/xmpsdk/src/XMPUtils.cpp
index 8474b8dd..00849467 100644
--- a/xmpsdk/src/XMPUtils.cpp
+++ b/xmpsdk/src/XMPUtils.cpp
@@ -1960,11 +1960,14 @@ XMPUtils::SetTimeZone ( XMP_DateTime * xmpTime )
 		if ( now == -1 ) XMP_Throw ( "Failure from ANSI C time function", kXMPErr_ExternalFailure );
 		ansi_localtime ( &now, &tmLocal );
 	} else {
-		tmLocal.tm_year = xmpTime->year - 1900;
-#if 0
-		// Removed to fix https://github.com/Exiv2/exiv2/issues/1901
-		while ( tmLocal.tm_year < 70 ) tmLocal.tm_year += 4;	// ! Some versions of mktime barf on years before 1970.
-#endif
+		// Fix for https://github.com/Exiv2/exiv2/issues/1901
+		if (xmpTime->year < std::numeric_limits<decltype(tmLocal.tm_year)>::min() + 1900) {
+			tmLocal.tm_year = std::numeric_limits<decltype(tmLocal.tm_year)>::min();
+		} else if (xmpTime->year > std::numeric_limits<decltype(tmLocal.tm_year)>::max()) {
+			tmLocal.tm_year = std::numeric_limits<decltype(tmLocal.tm_year)>::max();
+		} else {
+			tmLocal.tm_year = xmpTime->year - 1900;
+		}
 		tmLocal.tm_mon	 = xmpTime->month - 1;
 		tmLocal.tm_mday	 = xmpTime->day;
 	}