fmt: fix panic bug in strptime when using %C

BurntSushi · BurntSushi · commit 0315477648ca · 2025-10-08T19:34:17.000-04:00
The code previously assumed that `%C` could never parse more than 2 digits. I believe this restriction was relaxed at some point, but the assumption was never revisited in this part of the code. This fixes the panic by forcefully restricting the absolute value of the parsed century to be in the range `0..=99`. Fixes #426
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,8 @@ is a fallback for `TimeZone::system()` (instead of the `jiff 0.1` behavior of
 using `TimeZone::UTC`).
 * [#423](https://github.com/BurntSushi/jiff/issues/423):
 Fix a panicking bug when reading malformed TZif data.
+* [#426](https://github.com/BurntSushi/jiff/issues/426):
+Fix a panicking bug when parsing century (`%C`) via `strptime`.
 
 
 0.2.15 (2025-06-13)
diff --git a/src/fmt/strtime/parse.rs b/src/fmt/strtime/parse.rs
@@ -861,6 +861,12 @@ impl<'f, 'i, 't> Parser<'f, 'i, 't> {
             .context("failed to parse century")?;
         self.inp = inp;
 
+        if !(0 <= century && century <= 99) {
+            return Err(err!(
+                "century `{century}` is too big, must be in range 0-99",
+            ));
+        }
+
         // OK because sign=={1,-1} and century can't be bigger than 2 digits
         // so overflow isn't possible.
         let century = sign.checked_mul(century).unwrap();
@@ -2187,4 +2193,21 @@ mod tests {
             @r#"strptime expects to consume the entire input, but "15" remains unparsed"#,
         );
     }
+
+    /// Regression test for checked arithmetic panicking.
+    ///
+    /// Ref https://github.com/BurntSushi/jiff/issues/426
+    #[test]
+    fn err_parse_large_century() {
+        let p = |fmt: &str, input: &str| {
+            BrokenDownTime::parse_mono(fmt.as_bytes(), input.as_bytes())
+                .unwrap_err()
+                .to_string()
+        };
+
+        insta::assert_snapshot!(
+            p("%^50C%", "2000000000000000000#0077)()"),
+            @"strptime parsing failed: %C failed: century `2000000000000000000` is too big, must be in range 0-99",
+        );
+    }
 }
