Bug#162917: libc6: strftime crashes with invalid input

[Ben Collins <bcollins@debian.org>]

On Tue, Oct 01, 2002 at 08:58:53PM +1000, Hamish Moffatt wrote:
> On Mon, Sep 30, 2002 at 07:45:52PM -0400, Ben Collins wrote:
> > Anything else is obviously undefined. Since SUSv2 defines the range on
> > the input parameters, it should not be expected that that all functions
> > using struct tm should have to verify all members of struct tm fit into
> > the range. That is the job of the caller.
> > 
> > Unless you can provide statements to the contrary, I'll close this bug.
> 
> Can't you do something better than crash? Admittedly, strftime(3)
> indicates that it doesn't have a way to definitively indicate that an
> error occured, which is IMHO poor design.
> 
> You can mark it wontfix but I still think it's a bug. We found this bug
> through the Xpdf package, so I've invited the Xpdf author to add his
> comments.

You found the bug by ignoring the error return of another function.
That's no fault of the design of strftime. Adding the complexity to
every function that uses struct tm of checking it's validity is
rediculous.

Are you going to suggest that everything that uses a pointer should
check if the pointer is withing range of the programs address space or
not NULL?

-- 
Debian     - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo       - http://www.deqo.com/