diff options
Diffstat (limited to 'time')
| -rw-r--r-- | time/Makefile | 2 | ||||
| -rw-r--r-- | time/asctime.c | 66 | ||||
| -rw-r--r-- | time/bug-asctime.c | 33 | ||||
| -rw-r--r-- | time/bug-asctime_r.c | 32 |
4 files changed, 114 insertions, 19 deletions
diff --git a/time/Makefile b/time/Makefile index 14313563eb..734f0d5373 100644 --- a/time/Makefile +++ b/time/Makefile @@ -35,7 +35,7 @@ distribute := datemsk tests := test_time clocktest tst-posixtz tst-strptime tst_wcsftime \ tst-getdate tst-mktime tst-mktime2 tst-ftime_l tst-strftime \ - tst-mktime3 tst-strptime2 + tst-mktime3 tst-strptime2 bug-asctime bug-asctime_r include ../Rules diff --git a/time/asctime.c b/time/asctime.c index f20b311bb5..dc4fd54f4e 100644 --- a/time/asctime.c +++ b/time/asctime.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1991,1993,1995-1997,2000,2002 Free Software Foundation, Inc. +/* Copyright (C) 1991,1993,1995-1997,2000,2002,2005 + Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -18,6 +19,7 @@ #include "../locale/localeinfo.h" #include <errno.h> +#include <limits.h> #include <stdio.h> #include <time.h> @@ -29,17 +31,9 @@ extern const struct locale_data _nl_C_LC_TIME attribute_hidden; static const char format[] = "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n"; static char result[ 3+1+ 3+1+20+1+20+1+20+1+20+1+20+1 + 1]; -/* Returns a string of the form "Day Mon dd hh:mm:ss yyyy\n" - which is the representation of TP in that form. */ -char * -asctime (const struct tm *tp) -{ - return __asctime_r (tp, result); -} -libc_hidden_def (asctime) -char * -__asctime_r (const struct tm *tp, char *buf) +static char * +asctime_internal (const struct tm *tp, char *buf, size_t buflen) { if (tp == NULL) { @@ -47,15 +41,51 @@ __asctime_r (const struct tm *tp, char *buf) return NULL; } - if (sprintf (buf, format, - (tp->tm_wday < 0 || tp->tm_wday >= 7 ? - "???" : ab_day_name (tp->tm_wday)), - (tp->tm_mon < 0 || tp->tm_mon >= 12 ? - "???" : ab_month_name (tp->tm_mon)), - tp->tm_mday, tp->tm_hour, tp->tm_min, - tp->tm_sec, 1900 + tp->tm_year) < 0) + /* We limit the size of the year which can be printed. Using the %d + format specifier used the addition of 1900 would overflow the + number and a negative vaue is printed. For some architectures we + could in theory use %ld or an evern larger integer format but + this would mean the output needs more space. This would not be a + problem if the 'asctime_r' interface would be defined sanely and + a buffer size would be passed. */ + if (__builtin_expect (tp->tm_year > INT_MAX - 1900, 0)) + { + eoverflow: + __set_errno (EOVERFLOW); + return NULL; + } + + int n = __snprintf (buf, buflen, format, + (tp->tm_wday < 0 || tp->tm_wday >= 7 ? + "???" : ab_day_name (tp->tm_wday)), + (tp->tm_mon < 0 || tp->tm_mon >= 12 ? + "???" : ab_month_name (tp->tm_mon)), + tp->tm_mday, tp->tm_hour, tp->tm_min, + tp->tm_sec, 1900 + tp->tm_year); + if (n < 0) return NULL; + if (n >= buflen) + goto eoverflow; return buf; } + + +/* Like asctime, but write result to the user supplied buffer. The + buffer is only guaranteed to be 26 bytes in length. */ +char * +__asctime_r (const struct tm *tp, char *buf) +{ + return asctime_internal (tp, buf, 26); +} weak_alias (__asctime_r, asctime_r) + + +/* Returns a string of the form "Day Mon dd hh:mm:ss yyyy\n" + which is the representation of TP in that form. */ +char * +asctime (const struct tm *tp) +{ + return asctime_internal (tp, result, sizeof (result)); +} +libc_hidden_def (asctime) diff --git a/time/bug-asctime.c b/time/bug-asctime.c new file mode 100644 index 0000000000..0b04b475a8 --- /dev/null +++ b/time/bug-asctime.c @@ -0,0 +1,33 @@ +#include <errno.h> +#include <limits.h> +#include <stdio.h> +#include <time.h> + + +static int +do_test (void) +{ + int result = 0; + time_t t = time (NULL); + struct tm *tp = localtime (&t); + tp->tm_year = INT_MAX; + errno = 0; + char *s = asctime (tp); + if (s != NULL || errno != EOVERFLOW) + { + puts ("asctime did not fail correctly"); + result = 1; + } + char buf[1000]; + errno = 0; + s = asctime_r (tp, buf); + if (s != NULL || errno != EOVERFLOW) + { + puts ("asctime_r did not fail correctly"); + result = 1; + } + return result; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/time/bug-asctime_r.c b/time/bug-asctime_r.c new file mode 100644 index 0000000000..86651ef1c5 --- /dev/null +++ b/time/bug-asctime_r.c @@ -0,0 +1,32 @@ +#include <errno.h> +#include <limits.h> +#include <stdio.h> +#include <time.h> + + +static int +do_test (void) +{ + int result = 0; + time_t t = time (NULL); + struct tm *tp = localtime (&t); + tp->tm_year = 10000 - 1900; + char buf[1000]; + errno = 0; + buf[26] = '\xff'; + char *s = asctime_r (tp, buf); + if (s != NULL || errno != EOVERFLOW) + { + puts ("asctime_r did not fail correctly"); + result = 1; + } + if (buf[26] != '\xff') + { + puts ("asctime_r overwrote 27th byte in buffer"); + result = 1; + } + return result; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" |