strftime: don't attempt to parse field width without seeing a digit

strtoul will consume leading whitespace or sign characters, which are not valid in this context, thereby accepting invalid field specifiers. so, avoid calling it unless there is a number to parse as the width.
author: Rich Felker <dalias@aerifal.cx> 2023-11-21 16:33:15 -0500
committer: Rich Felker <dalias@aerifal.cx> 2023-11-21 16:33:15 -0500
commit: f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3 (patch)
tree: 0abf081fdc2cff27c4e32a77dad1985c937ec7f6 /src
parent: f314e133929b6379eccc632bef32eaebb66a7335 (diff)
download: musl-f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3.tar.gz
musl-f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3.tar.xz
musl-f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/time/strftime.c b/src/time/strftime.c
index cc53d536..ef590903 100644
--- a/src/time/strftime.c
+++ b/src/time/strftime.c
@@ -3,6 +3,7 @@
 #include <string.h>
 #include <langinfo.h>
 #include <locale.h>
+#include <ctype.h>
 #include <time.h>
 #include <limits.h>
 #include "locale_impl.h"
@@ -233,7 +234,7 @@ size_t __strftime_l(char *restrict s, size_t n, const char *restrict f, const st
 		pad = 0;
 		if (*f == '-' || *f == '_' || *f == '0') pad = *f++;
 		if ((plus = (*f == '+'))) f++;
-		width = strtoul(f, &p, 10);
+		width = isdigit(*f) ? strtoul(f, &p, 10) : 0;
 		if (*p == 'C' || *p == 'F' || *p == 'G' || *p == 'Y') {
 			if (!width && p!=f) width = 1;
 		} else {
author	Rich Felker <dalias@aerifal.cx>	2023-11-21 16:33:15 -0500
committer	Rich Felker <dalias@aerifal.cx>	2023-11-21 16:33:15 -0500
commit	f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3 (patch)
tree	0abf081fdc2cff27c4e32a77dad1985c937ec7f6 /src
parent	f314e133929b6379eccc632bef32eaebb66a7335 (diff)
download	musl-f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3.tar.gz musl-f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3.tar.xz musl-f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3.zip