[libxml2] Fix integer overflow when comparing schema dates

[Nick Wellnhofer <nwellnhof src gnome org>]

commit 8e7c20a1af8776677d7890f30b7a180567701a49
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Mon Aug 3 17:30:41 2020 +0200

    Fix integer overflow when comparing schema dates
    
    Found by OSS-Fuzz.

 xmlschemastypes.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
---
diff --git a/xmlschemastypes.c b/xmlschemastypes.c
index 4249d7000..d6b9f924e 100644
--- a/xmlschemastypes.c
+++ b/xmlschemastypes.c
@@ -3691,6 +3691,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y)
        minday = 0;
        maxday = 0;
     } else {
+        if (myear > LONG_MAX / 366)
+            return -2;
         /* FIXME: This doesn't take leap year exceptions every 100/400 years
            into account. */
        maxday = 365 * myear + (myear + 3) / 4;
@@ -4079,6 +4081,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y)
     if ((x == NULL) || (y == NULL))
         return -2;
 
+    if ((x->value.date.year > LONG_MAX / 366) ||
+        (x->value.date.year < LONG_MIN / 366) ||
+        (y->value.date.year > LONG_MAX / 366) ||
+        (y->value.date.year < LONG_MIN / 366)) {
+        /* Possible overflow when converting to days. */
+        return -2;
+    }
+
     if (x->value.date.tz_flag) {
 
         if (!y->value.date.tz_flag) {