Closed
Description
The current implementation of TimeZone's GetNextTransition / GetPreviousTransition methods behave poorly for very large or very small inputs, including possible denial-of-service issues caused by O(1) loops of expensive code.
Examples:
// Repro 1: far-future date, get previous transition
Temporal.TimeZone.from('Etc/GMT+10').getPreviousTransition(new Temporal.Instant(0n).add({hours: 24 * 1e8}));
// expected: ???
// actual: runs for a loooooooong time, probably over an hour (denial of service attack?) then will return null
// Repro 2: far-past date, get next transition
Temporal.TimeZone.from('Etc/GMT+10').getNextTransition(new Temporal.Instant(0n).add({hours: -24 * (1e8-1)}));
// expected: ???
// actual: runs for a loooooooong time, probably over an hour (denial of service attack?) then will return null
// Repro 3: future date in year 3021, get next transition
Temporal.TimeZone.from('Etc/GMT+10').getNextTransition(new Temporal.Instant(0n).add({hours: 24 * 365 * 1000}));
// expected: ???
// actual: nullThere are a few issues here:
- Can we prevent a denial-of-service attack caused by this expensive, O(1) loop?
- DST looking forward more than a few decades in the future seems inherently unreliable, and certainly not worth exposing the user's computer to a DoS opportunity.
Should we simply limit future dates to N years in the future (N = 100? N = 50? N = 20?), and throw a RangeError for anything past that?
BTW, we already limit the problem for too-small dates (There was no DST before 1847 C.E.) when calling GetPreviousTransition. We should use the same smarts in GetNextTransition to avoid Repro #2 above.