[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#162917: libc6: strftime crashes with invalid input



tag 162917 + wontfix
thanks

On Tue, Oct 01, 2002 at 09:05:12AM +1000, Hamish Moffatt wrote:
> Package: libc6
> Version: 2.2.5-14.3
> Severity: normal
> 
> strftime() causes a segmentation fault if some of the values in the tm
> argument are outside of its expected range. Here is a sample program:
> 
> 
> #include <stdio.h>
> #include <time.h>
> 
> int main() {
>   struct tm tmStruct;
>   char buf[256];
> 
>   tmStruct.tm_year = 0;
>   tmStruct.tm_mon = 0;
>   tmStruct.tm_mday = 1;
>   tmStruct.tm_hour = 0;
>   tmStruct.tm_min = 0;
>   tmStruct.tm_sec = 0;
>   /* here is the problem: tm_wday is set to -1; I initially
>    * encountered this because I was setting tm_wday to -1 and then
>    * calling mktime, and not checking the return value from mktime
>    * before calling strftime */
>   tmStruct.tm_wday = -1;
>   tmStruct.tm_yday = 0;
>   tmStruct.tm_isdst = 0;
>   strftime(buf, sizeof(buf), "%c", &tmStruct);
>   return 0;
> }

  A hand-initialized struct tm is likely to be bogus, and you _have_ to
call mktime to normalize it before. (and indeed if you call mktime
before strftime it works). It's up to the caller to sanitize his struct
tm's before calling anything that uses one.

  Hence I'm tagging the bug wontfix, but will gladly accept patches for
that.
-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgpq3_AoF8ZjQ.pgp
Description: PGP signature


Reply to: