about summary refs log tree commit diff
path: root/src/time
Commit message (Collapse)AuthorAgeFilesLines
* adjust strftime + modifier to match apparent intent of POSIXRich Felker2018-02-061-6/+12
| | | | | | | | | | | | | | | | it's unclear from the specification whether the word "consumes" in "consumes more than four bytes to represent a year" refers just to significant places or includes leading zeros due to field width padding. however the examples in the rationale indicate that the latter was the intent. in particular, the year 270 is shown being formatted by %+5Y as +0270 rather than 00270. previously '+' prefixing was implemented just by comparing the year against 10000. instead, count the number of significant digits and padding bytes to be added, and use the total to determine whether to apply the '+' prefix. based on testing by Dennis Wölfing.
* fix strftime field widths with %F format and zero yearRich Felker2018-02-051-1/+2
| | | | | | | | | the code to strip initial sign and leading zeros inadvertently stripped all the zeros and the subsequent '-' separating the month. instead, only strip sign characters from the very first position, and only strip zeros when they are followed by another digit. based on testing by Dennis Wölfing.
* revise the definition of multiple basic locks in the codeJens Gustedt2018-01-091-1/+1
| | | | In all cases this is just a change from two volatile int to one.
* use the name UTC instead of GMT for UTC timezoneNatanael Copa2017-12-143-12/+12
| | | | | | | | | | notes by maintainer: both C and POSIX use the term UTC to specify related functionality, despite POSIX defining it as something more like UT1 or historical (pre-UTC) GMT without leap seconds. neither specifies the associated string for %Z. old choice of "GMT" violated principle of least surprise for users and some applications/tests. use "UTC" instead.
* implement strftime padding specifier extensionsTimo Teräs2017-12-111-8/+14
| | | | | | | | | | | | | notes added by maintainer: the '-' specifier allows default padding to be suppressed, and '_' allows padding with spaces instead of the default (zeros). these extensions seem to be included in several other implementations including FreeBSD and derivatives, and Solaris. while portable software should not depend on them, time format strings are often exposed to the user for configurable time display. reportedly some python programs also use and depend on them.
* fix mismatched type of __pthread_tsd_run_dtors weak definitionRich Felker2017-11-091-2/+2
| | | | | | | | commit a6054e3c94aa0491d7366e4b05ae0d73f661bfe2 changed this function not to take an argument, but the weak definition used by timer_create was not updated to match. reported by Pascal Cuoq.
* handle errors from localtime_r in ctime_rRich Felker2017-06-201-3/+2
| | | | | | | | POSIX requires ctime_r return a null pointer on failure, which can occur if the input time_t value is not representable in broken down form. based on patch by Alexander Monakov.
* handle localtime errors in ctimeRich Felker2017-06-151-1/+3
| | | | | | | | ctime passes the result from localtime directly to asctime. But in case of error, localtime returns 0. This causes an error (NULL pointer dereference) in asctime. based on patch by Omer Anson.
* getdate: correctly specify error numberA. Wilcox2017-06-141-1/+2
| | | | | | | | | | POSIX defines getdate error #5 as: "An I/O error is encountered while reading the template file." POSIX defines getdate error #7 as: "There is no line in the template that matches the input." This change correctly disambiguates between the two error conditions.
* fix strptime output for %C without %yJulien Ramseier2017-03-211-2/+3
| | | | | in this case, a potentially-uninitialized or unrelated existing value in tm_year was being used. instead use 0 if %y was not present.
* fix processing of strptime %p formatJulien Ramseier2017-03-211-0/+2
| | | | string pointer was not advanced after matching.
* fix off-by-one in strptime %jJulien Ramseier2017-03-211-0/+1
| | | | tm_yday range is 0-365 while %j is 1-366
* fix POSIX-format TZ dst transition times for southern hemisphereRich Felker2017-03-151-8/+4
| | | | | | | | | | the time of day at which daylight time switches over is specified in local time in the dst state prior to the transition. the code for handling this wrongly assumed it needed to switch whether dst or standard offset is applied to the transition time when the dst end date is before the dst start date (souther hemisphere summer), but in fact the end transition time should always be adjusted for dst, and the start transition time should always be adjusted for standard time.
* fix strftime %y for negative yearsRich Felker2017-01-021-2/+2
| | | | | | | | | | commit 583ea83541dcc6481c7a1bd1a9b485526bad84a1 fixed the case where tm_year is negative but the resulting year (offset by 1900) was still positive, which is always the case for time_t values that fit in 32 bits, but not for arbitrary inputs. based on an earlier patch by Julien Ramseier which was overlooked at the time the previous fix was applied.
* fix integer overflow of tm_year in __secs_to_tmDaniel Sabogal2016-11-071-4/+5
| | | | | | the overflow check for years+100 did not account for the extra year computed from the remaining months. instead, perform this check after obtaining the final number of years.
* fix parsing of quoted time zone namesHannu Nyman2016-11-071-1/+1
| | | | | Fix parsing of the < > quoted time zone names. Compare the correct character instead of repeatedly comparing the first character.
* fix gratuitous undefined behavior in strptimeRich Felker2016-10-201-2/+7
| | | | | accessing an object of type const char *restrict as if it had type char * is not defined.
* fix clock_nanosleep error caseDaniel Sabogal2016-10-201-1/+3
| | | | | | posix requires that EINVAL be returned if the first parameter specifies the cpu-time clock of the calling thread (CLOCK_THREAD_CPUTIME_ID). linux returns ENOTSUP instead so we handle this.
* fix strftime %y for negative tm_yearSzabolcs Nagy2016-10-061-0/+1
|
* fix asctime day/month names not to vary by localeRich Felker2016-07-071-5/+4
| | | | | the FIXME comment here was overlooked at the time locale support was added.
* improve clock_gettime and adapt it to support slightly-broken vdsoRich Felker2016-01-271-22/+39
| | | | | | | | | | | | | | | | | | | | | | | | | these changes are motivated by a functionally similar patch by Hauke Mehrtens to address the needs of the new mips vdso clock_gettime, which wrongly fails with ENOSYS rather than falling back to making a syscall for clock ids it cannot handle from userspace. in the process of preparing to handle that case, it was noticed that the old clock_gettime use of the vdso was actually wrong with respect to error handling -- the tail call to the vdso function failed to set errno and instead returned an error code. since tail calls to vdso are no longer possible and since the plain syscall code is now needed as a fallback path anyway, it does not make sense to use a function pointer to call the plain syscall code path. instead, it's inlined at the end of the main clock_gettime function. the new code also avoids the need to test for initialization of the vdso function pointer by statically initializing it to a self-init function, and eliminates redundant loads from the volatile pointer object. finally, the use of a_cas_p on an object of type other than void *, which is not permitted aliasing, is replaced by using an object with the correct type and casting the value.
* fix strftime handling of out-of-range struct tm fieldsRich Felker2015-10-141-8/+12
| | | | | | | | | | strftime results are unspecified in this case, but should not invoke undefined behaviour. tm_wday, tm_yday, tm_mon and tm_year fields were used in signed int arithmetic that could overflow. based on patch by Szabolcs Nagy.
* fix integer overflows in time_t/struct tm conversion codeRich Felker2015-10-081-3/+3
| | | | | | | | | | as found and reported by Brian Mastenbrook, the expressions 400*qc_cycles and years+100 in __secs_to_tm were both subject to integer overflow for extreme values of the input t. this patch by Szabolcs Nagy fixes the code by switching to larger types, and matches the original intent I had in mind when writing this code.
* avoid reading uninitialized memory in __map_fileSzabolcs Nagy2015-09-241-2/+3
| | | | | | | The value of *size is not relevant in case of failure, but it's better not to copy garbage from the stack into it. (The compiler cannot see through the syscall, so optimization was not affected by the unspecified value).
* match historical behavior for tm_gmtoff member of struct tmNatanael Copa2015-08-144-12/+12
| | | | | | | | | | | | | | tm_gmtoff is a nonstandard field, but on historical systems which have this field, it stores the offset of the local time zone from GMT or UTC. this is the opposite of the POSIX extern long timezone object and the offsets used in POSIX-form TZ strings, which represent the offset from local time to UTC. previously we were storing these negated offsets in tm_gmtoff too. programs which only used this field indirectly via strftime were not affected since strftime performed the negation for presentation. however, some programs and libraries accesse tm_gmtoff directly and were obtaining negated time zone offsets.
* treat empty TZ environment variable as GMT rather than defaultRich Felker2015-07-061-1/+2
| | | | | | this improves compatibility with the behavior of other systems and with some applications which set an empty TZ var to disable use of local time by mktime, etc.
* make all objects used with atomic operations volatileRich Felker2015-03-032-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the memory model we use internally for atomics permits plain loads of values which may be subject to concurrent modification without requiring that a special load function be used. since a compiler is free to make transformations that alter the number of loads or the way in which loads are performed, the compiler is theoretically free to break this usage. the most obvious concern is with atomic cas constructs: something of the form tmp=*p;a_cas(p,tmp,f(tmp)); could be transformed to a_cas(p,*p,f(*p)); where the latter is intended to show multiple loads of *p whose resulting values might fail to be equal; this would break the atomicity of the whole operation. but even more fundamental breakage is possible. with the changes being made now, objects that may be modified by atomics are modeled as volatile, and the atomic operations performed on them by other threads are modeled as asynchronous stores by hardware which happens to be acting on the request of another thread. such modeling of course does not itself address memory synchronization between cores/cpus, but that aspect was already handled. this all seems less than ideal, but it's the best we can do without mandating a C11 compiler and using the C11 model for atomics. in the case of pthread_once_t, the ABI type of the underlying object is not volatile-qualified. so we are assuming that accessing the object through a volatile-qualified lvalue via casts yields volatile access semantics. the language of the C standard is somewhat unclear on this matter, but this is an assumption the linux kernel also makes, and seems to be the correct interpretation of the standard.
* fix handling of negative offsets in timezone spec stringsRich Felker2014-10-091-10/+7
| | | | | | | | previously, the hours were considered as a signed quantity while minutes and seconds were always treated as positive offsets. however, semantically the '-' sign should negate the whole hh:mm:ss offset. this bug only affected timezones east of GMT with non-whole-hours offsets, such as those used in India and Nepal.
* add C11 timespec_get function, with associated time.h changes for C11Rich Felker2014-09-061-0/+12
| | | | | | based on patch by Jens Gustedt for inclusion with C11 threads implementation, but committed separately since it's independent of threads.
* properly pass current locale to *_l functions when used internallyRich Felker2014-07-022-2/+4
| | | | | this change is presently non-functional since the callees do not yet use their locale argument for anything.
* use default timezone from /etc/localtime if $TZ is unset/blankRich Felker2014-06-061-2/+3
| | | | | | | the way this is implemented, it also allows explicit setting of TZ=/etc/localtime even for suid programs. this is not a problem because /etc/localtime is a trusted path, much like the trusted zoneinfo search path.
* implement %y and %C specifiers in strptimeTimo Teräs2014-06-061-4/+10
|
* support linux kernel apis (new archs) with old syscalls removedRich Felker2014-05-291-9/+6
| | | | | | | | | | | | | | | | | | | | | | | | such archs are expected to omit definitions of the SYS_* macros for syscalls their kernels lack from arch/$ARCH/bits/syscall.h. the preprocessor is then able to select the an appropriate implementation for affected functions. two basic strategies are used on a case-by-case basis: where the old syscalls correspond to deprecated library-level functions, the deprecated functions have been converted to wrappers for the modern function, and the modern function has fallback code (omitted at the preprocessor level on new archs) to make use of the old syscalls if the new syscall fails with ENOSYS. this also improves functionality on older kernels and eliminates the incentive to program with deprecated library-level functions for the sake of compatibility with older kernels. in other situations where the old syscalls correspond to library-level functions which are not deprecated but merely lack some new features, such as the *at functions, the old syscalls are still used on archs which support them. this may change at some point in the future if or when fallback code is added to the new functions to make them usable (possibly with reduced functionality) on old kernels.
* support kernels with no SYS_open syscall, only SYS_openatRich Felker2014-05-241-2/+1
| | | | | | | | | | open is handled specially because it is used from so many places, in so many variants (2 or 3 arguments, setting errno or not, and cancellable or not). trying to do it as a function would not only increase bloat, but would also risk subtle breakage. this is the first step towards supporting "new" archs where linux lacks "old" syscalls.
* fix unhandled cases in strptimeRich Felker2014-05-191-5/+16
| | | | | | | | | | | | | | | | | | | | | %C, %U, %W, and %y handling were completely missing; %C wrongly fell-through to unrelated cases, and the rest returned failure. for now, they all parse numbers in the proper forms and range-check the values, but they do not store the value anywhere. it's not clear to me whether, as "derived" fields, %U and %W should produce any result. they certainly cannot produce a result unless the year and weekday are also converted, but in this case it might be desirable for them to do so. clarification is needed on the intended behavior of strptime in cases like this. %C and %y have well-defined behavior as long as they are used together (and %y is defined by itself but may change in the future). implementing them (including their correct interaction) is left as a later change to be made. finally, strptime now rejects unknown/invalid format characters instead of ignoring them.
* fix strftime %s not to zero pad with default width=2Szabolcs Nagy2014-05-081-0/+1
|
* perform minimal sanity checks on zoneinfo files loaded via TZ variableRich Felker2014-04-221-0/+5
| | | | | | | | | | | | previously, setting TZ to the pathname of a file which was not a valid zoneinfo file would usually cause programs using local time zone based operations to crash. the new code checks the file size and magic at the beginning of the file, which seems sufficient to prevent accidental misconfiguration from causing crashes. attempting to make fully-robust validation would be futile unless we wanted to drop use of mmap (shared zoneinfo) and instead read it into a local buffer, since such validation would be subject to race conditions with modification of the file.
* do not try to interpret implementation specific strings as tz definitionTimo Teräs2014-04-221-0/+1
|
* allow zoneinfo-path-relative filenames with no slashes in TZ variableRich Felker2014-04-211-12/+8
| | | | | | | | | | since the form TZ=name is reserved for POSIX-form time zone strings, TZ=:name needs to be used when the zoneinfo filename is in the top-level zoneinfo directory and therefore does not contain a slash. previously the leading colon was merely dropped, making it impossible to access such zones without a full absolute pathname. changes based on patch by Timo Teräs.
* add working vdso clock_gettime support, including static linkingRich Felker2014-04-161-5/+13
| | | | | | | | | | | | | | | | the vdso symbol lookup code is based on the original 2011 patch by Nicholas J. Kain, with some streamlining, pointer arithmetic fixes, and one symbol version matching fix. on the consumer side (clock_gettime), per-arch macros for the particular symbol name and version to lookup are added in syscall_arch.h, and no vdso code is pulled in on archs which do not define these macros. at this time, vdso is enabled only on x86_64. the vdso support at the dynamic linker level is no longer useful to libc, but is left in place for the sake of debuggers (which may need the vdso in the link map to find its functions) and possibly use with dlsym.
* fix fallback code for old kernels in clock_gettimeRich Felker2014-04-141-1/+1
|
* eliminate explicit (long) casts when making syscallsRich Felker2014-01-064-4/+4
| | | | | | | | this practice came from very early, before internal/syscall.h defined macros that could accept pointer arguments directly and handle them correctly. aside from being ugly and unnecessary, it looks like it will be problematic when we add support for 32-bit ABIs on archs where registers (and syscall arguments) are 64-bit, e.g. x32 and mips n32.
* fix hangs in localtime for near-overflowing time_t values on 64-bit archsRich Felker2013-12-191-0/+6
|
* include cleanups: remove unused headers and add feature test macrosSzabolcs Nagy2013-12-125-6/+0
|
* fix off-by-one length failure in strftime/wcsftime and improve error behaviorRich Felker2013-11-262-12/+16
| | | | | | | | | | | | | | | | | these functions were spuriously failing in the case where the buffer size was exactly the number of bytes/characters to be written, including null termination. since these functions do not have defined error conditions other than buffer size, a reasonable application may fail to check the return value when the format string and buffer size are known to be valid; such an application could then attempt to use a non-terminated buffer. in addition to fixing the bug, I have changed the error handling behavior so that these functions always null-terminate the output except in the case where the buffer size is zero, and so that they always write as many characters as possible before failing, rather than dropping whole fields that do not fit. this actually simplifies the logic somewhat anyway.
* remove O_NOFOLLOW from __map_file used for time zone file loadingRich Felker2013-11-081-1/+1
| | | | | | | | | | | | | it's not clear why I originally wrote O_NOFOLLOW into this; I suspect the reason was with an aim of making the function more general for mapping partially or fully untrusted files provided by the user. however, the timezone code already precludes use of absolute or relative pathnames in suid/sgid programs, and disallows .. in pathnames which are relative to one of the system timezone locations, so there is no threat of opening a symlink which is not trusted by appropriate user. since some users may wish to put symbolic links in the zoneinfo directories to alias timezones, it seems preferable to allow this.
* fix handling of overly-long TZ environment variable valuesRich Felker2013-11-081-1/+1
| | | | | | the rest of the code is not prepared to handle an empty TZ string, so falling back to __gmt ("GMT"), just as if TZ had been blank or unset, is the preferable action.
* timezone parser: fix iteration over search dir pathsrofl0r2013-11-041-1/+1
| | | | try+l points to \0, so only one iteration was ever tried.
* timezone parser: fix offset to transition table in 64bit code pathrofl0r2013-11-041-1/+1
| | | | | | we need to skip to the second TZif header, which starts at skip+44, and then skip another header (20 bytes) plus the following 6 32bit values.
* fix timezone parser code crashing on 64bit sysrofl0r2013-11-041-1/+1
| | | | | | | if sizeof(time_t) == 8, this code path was missing the correct offset into the zoneinfo file, using the header magic to do offset calculations. the 6 32bit fields to be read start at offset 20.