about summary refs log tree commit diff
path: root/time/asctime.c
diff options
context:
space:
mode:
Diffstat (limited to 'time/asctime.c')
-rw-r--r--time/asctime.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/time/asctime.c b/time/asctime.c
index f20b311bb5..8ac4aa76a4 100644
--- a/time/asctime.c
+++ b/time/asctime.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1991,1993,1995-1997,2000,2002 Free Software Foundation, Inc.
+/* Copyright (C) 1991,1993,1995-1997,2000,2002,2005
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -18,6 +19,7 @@
 
 #include "../locale/localeinfo.h"
 #include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <time.h>
 
@@ -47,6 +49,19 @@ __asctime_r (const struct tm *tp, char *buf)
       return NULL;
     }
 
+  /* We limit the size of the year which can be printed.  Using the %d
+     format specifier used the addition of 1900 would overflow the
+     number and a negative vaue is printed.  For some architectures we
+     could in theory use %ld or an evern larger integer format but
+     this would mean the output needs more space.  This would not be a
+     problem if the 'asctime_r' interface would be defined sanely and
+     a buffer size would be passed.  */
+  if (__builtin_expect (tp->tm_year > INT_MAX - 1900, 0))
+    {
+      __set_errno (EOVERFLOW);
+      return NULL;
+    }
+
   if (sprintf (buf, format,
 	       (tp->tm_wday < 0 || tp->tm_wday >= 7 ?
 		"???" : ab_day_name (tp->tm_wday)),