path: root/src/time/__tz.c
Commit message | Author | Age | Files | Lines
* make all objects used with atomic operations volatile | Rich Felker | 2015-03-03 | 1 | -1/+1
  the memory model we use internally for atomics permits plain loads of values which may be subject to concurrent modification without requiring that a special load function be used. since a compiler is free to make transformations that alter the number of loads or the way in which loads are performed, the compiler is theoretically free to break this usage. the most obvious concern is with atomic cas constructs: something of the form tmp=*p;a_cas(p,tmp,f(tmp)); could be transformed to a_cas(p,*p,f(*p)); where the latter is intended to show multiple loads of *p whose resulting values might fail to be equal; this would break the atomicity of the whole operation. but even more fundamental breakage is possible.

  with the changes being made now, objects that may be modified by atomics are modeled as volatile, and the atomic operations performed on them by other threads are modeled as asynchronous stores by hardware which happens to be acting on the request of another thread. such modeling of course does not itself address memory synchronization between cores/cpus, but that aspect was already handled. this all seems less than ideal, but it's the best we can do without mandating a C11 compiler and using the C11 model for atomics.

  in the case of pthread_once_t, the ABI type of the underlying object is not volatile-qualified. so we are assuming that accessing the object through a volatile-qualified lvalue via casts yields volatile access semantics. the language of the C standard is somewhat unclear on this matter, but this is an assumption the linux kernel also makes, and seems to be the correct interpretation of the standard.
* fix handling of negative offsets in timezone spec strings | Rich Felker | 2014-10-09 | 1 | -10/+7
  previously, the hours were considered as a signed quantity while minutes and seconds were always treated as positive offsets. however, semantically the '-' sign should negate the whole hh:mm:ss offset. this bug only affected timezones east of GMT with non-whole-hours offsets, such as those used in India and Nepal.
* use default timezone from /etc/localtime if $TZ is unset/blank | Rich Felker | 2014-06-06 | 1 | -2/+3
  the way this is implemented, it also allows explicit setting of TZ=/etc/localtime even for suid programs. this is not a problem because /etc/localtime is a trusted path, much like the trusted zoneinfo search path.
* perform minimal sanity checks on zoneinfo files loaded via TZ variable | Rich Felker | 2014-04-22 | 1 | -0/+5
  previously, setting TZ to the pathname of a file which was not a valid zoneinfo file would usually cause programs using local time zone based operations to crash. the new code checks the file size and magic at the beginning of the file, which seems sufficient to prevent accidental misconfiguration from causing crashes.

  attempting to make fully-robust validation would be futile unless we wanted to drop use of mmap (shared zoneinfo) and instead read it into a local buffer, since such validation would be subject to race conditions with modification of the file.
* do not try to interpret implementation specific strings as tz definition | Timo Teräs | 2014-04-22 | 1 | -0/+1
* allow zoneinfo-path-relative filenames with no slashes in TZ variable | Rich Felker | 2014-04-21 | 1 | -12/+8
  since the form TZ=name is reserved for POSIX-form time zone strings, TZ=:name needs to be used when the zoneinfo filename is in the top-level zoneinfo directory and therefore does not contain a slash. previously the leading colon was merely dropped, making it impossible to access such zones without a full absolute pathname.

  changes based on patch by Timo Teräs.
* fix handling of overly-long TZ environment variable values | Rich Felker | 2013-11-08 | 1 | -1/+1
  the rest of the code is not prepared to handle an empty TZ string, so falling back to __gmt ("GMT"), just as if TZ had been blank or unset, is the preferable action.
* timezone parser: fix iteration over search dir paths | rofl0r | 2013-11-04 | 1 | -1/+1
  try+l points to \0, so only one iteration was ever tried.
* timezone parser: fix offset to transition table in 64bit code path | rofl0r | 2013-11-04 | 1 | -1/+1
  we need to skip to the second TZif header, which starts at skip+44, and then skip another header (20 bytes) plus the following 6 32bit values.
* fix timezone parser code crashing on 64bit sys | rofl0r | 2013-11-04 | 1 | -1/+1
  if sizeof(time_t) == 8, this code path was missing the correct offset into the zoneinfo file, using the header magic to do offset calculations. the 6 32bit fields to be read start at offset 20.
* properly fill in tzname[] for old (pre-64-bit-format) zoneinfo files | Rich Felker | 2013-08-24 | 1 | -1/+22
  in this case, the first standard-time and first daylight-time rules should be taken as the "default" ones to expose.
* minor fix to tz name checking | Rich Felker | 2013-08-24 | 1 | -2/+2
  if a zoneinfo file is not (or is no longer) in use, don't check the abbrevs pointers, which may be invalid.
* fix strftime handling of time zone data | Rich Felker | 2013-08-24 | 1 | -3/+17
  this may need further revision in the future, since POSIX is rather unclear on the requirements, and is designed around the assumption of POSIX TZ specifiers which are not sufficiently powerful to represent real-world timezones (this is why zoneinfo support was added).

  the basic issue is that strftime gets the string and numeric offset for the timezone from the extra fields in struct tm, which are initialized when calling localtime/gmtime/etc. however, a conforming application might have created its own struct tm without initializing these fields, in which case using __tm_zone (a pointer) could crash. other zoneinfo-based implementations simply check for a null pointer, but otherwise can still crash if the field contains junk.

  simply ignoring __tm_zone and using tzname[] would "work" but would give incorrect results in time zones with more complex rules. I feel like this would lower the quality of implementation. instead, simply validate __tm_zone: unless it points to one of the zone name strings managed by the timezone system, assume it's invalid.

  this commit also fixes several other minor bugs with formatting: tm_isdst being negative is required to suppress printing of the zone formats, and %z was using the wrong format specifiers since the type of val was changed, resulting in bogus output.
* fix mishandling of empty or blank TZ environment variable | Rich Felker | 2013-08-23 | 1 | -1/+1
  the empty TZ string was matching equal to the initial value of the cached TZ name, thus causing do_tzset never to run and never to initialize the time zone data.
* the big time handling overhaul | Rich Felker | 2013-07-17 | 1 | -0/+389
  this commit has two major user-visible parts: zoneinfo-format time zones are now supported, and overflow handling is intended to be complete in the sense that all functions return a correct result if and only if the result fits in the destination type, and otherwise return an error. also, some noticeable bugs in the way DST detection and normalization worked have been fixed, and performance may be better than before, but it has not been tested.
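
The 2014-04-22 sanity-check commit and the two 2013-11-04 offset fixes above all concern how a TZif file is walked. The following is an added example, not code from this repository: it checks size and magic, reads the six counts at offset 20 and locates the 64-bit transition table at skip+44+44. The function names, the bounds checks and the per-record widths (taken from the published TZif layout) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TZIF_HDR 44 /* 20-byte header plus six 32-bit counts */

/* TZif stores every integer big-endian. */
static uint32_t be32(const unsigned char *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Size of the data block described by the six counts at hdr+20 (isutcnt,
 * isstdcnt, leapcnt, timecnt, typecnt, charcnt); tsize is the width of one
 * transition time. Returns (size_t)-1 if the block would exceed limit. */
static size_t block_size(const unsigned char *hdr, size_t tsize, size_t limit)
{
    const size_t w[6] = { 1, 1, tsize + 4, tsize + 1, 6, 1 };
    size_t total = 0;
    for (int i = 0; i < 6; i++) {
        uint64_t n = (uint64_t)be32(hdr + 20 + 4 * i) * w[i];
        if (n > limit - total) return (size_t)-1;
        total += (size_t)n;
    }
    return total;
}

/* Offset of the 64-bit transition table, or -1 if the file is not usable. */
long tzif_trans64_offset(const unsigned char *zi, size_t len)
{
    if (len < TZIF_HDR || memcmp(zi, "TZif", 4)) return -1; /* size, magic */
    if (zi[4] < '2') return -1;               /* version 1: no 64-bit block */
    size_t skip = block_size(zi, 4, len - TZIF_HDR);
    if (skip == (size_t)-1) return -1;
    size_t hdr2 = TZIF_HDR + skip;            /* second header at skip+44 */
    if (len - hdr2 < TZIF_HDR || memcmp(zi + hdr2, "TZif", 4)) return -1;
    if (block_size(zi + hdr2, 8, len - hdr2 - TZIF_HDR) == (size_t)-1) return -1;
    return (long)(hdr2 + TZIF_HDR);           /* skip+44+44 */
}

int main(void)
{
    unsigned char zi[122] = {0};              /* constructed sample, not a real zone */
    memcpy(zi, "TZif2", 5);
    zi[35] = 1; zi[39] = 1; zi[43] = 4;       /* timecnt=1, typecnt=1, charcnt=4 */
    memcpy(zi + 59, zi, TZIF_HDR);            /* identical second header */
    printf("%ld\n", tzif_trans64_offset(zi, sizeof zi));
    return 0;
}
```

As the 2014-04-22 message points out, checks of this kind on an mmap'd file guard against misconfiguration only, because the file can be modified after it has been checked.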
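
The sign handling described in the 2014-10-09 commit above, as an added example that is not code from this repository: a small parser for the [+|-]hh[:mm[:ss]] offset of a POSIX TZ string, with a switch that reproduces the behaviour the message describes as the bug. The function names, the three-digit limit per field and the sample strings are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>

/* Read at most three decimal digits and advance *p past them. */
static int getint(const char **p)
{
    int x = 0;
    for (int n = 0; n < 3 && isdigit((unsigned char)**p); n++)
        x = 10 * x + (*(*p)++ - '0');
    return x;
}

/* Parse [+|-]hh[:mm[:ss]] into seconds. sign_whole=0 reproduces the behaviour
 * the commit message describes as the bug (sign applied to the hours only);
 * sign_whole=1 applies the sign to the entire offset. */
int parse_offset(const char *s, int sign_whole)
{
    int neg = 0, h, m = 0, sec = 0;
    if (*s == '-') { neg = 1; s++; }
    else if (*s == '+') s++;
    h = getint(&s);
    if (*s == ':') {
        s++; m = getint(&s);
        if (*s == ':') { s++; sec = getint(&s); }
    }
    if (!sign_whole)
        return (neg ? -h : h) * 3600 + m * 60 + sec;   /* old: -5:30 -> -4.5h */
    int off = h * 3600 + m * 60 + sec;
    return neg ? -off : off;                           /* fixed: -5:30 -> -5.5h */
}

int main(void)
{
    /* Constructed inputs: the offset part of POSIX TZ strings such as
     * "IST-5:30" (India) and "NPT-5:45" (Nepal); negative means east of GMT. */
    const char *in[] = { "-5:30", "-5:45", "-5", "8", "3:30:15" };
    for (int i = 0; i < 5; i++)
        printf("%-8s old=%6d fixed=%6d\n", in[i],
               parse_offset(in[i], 0), parse_offset(in[i], 1));
    return 0;
}
```

Whole-hour and positive offsets come out the same either way, which is why only zones east of GMT with a minutes component were affected.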