[BZ #1459]

* time/asctime.c (__asctime_r): Check for tm_year computation to overflow and fail in this case. * time/Makefile (tests): Add bug-asctime. * time/bug-asctime.c: New file.
git-mirror · Oct 14, 2005 · 576c845 · 576c845
1 parent 93c6cb8
commit 576c845
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,11 @@
 2005-10-14  Ulrich Drepper  <drepper@redhat.com>
 
+	[BZ #1459]
+	* time/asctime.c (__asctime_r): Check for tm_year computation to
+	overflow and fail in this case.
+	* time/Makefile (tests): Add bug-asctime.
+	* time/bug-asctime.c: New file.
+
 	[BZ #1458]
 	* sysdeps/unix/sysv/linux/i386/bits/mman.h: Define MREMAP_FIXED.
 	* sysdeps/unix/sysv/linux/ia64/bits/mman.h: Likewise.

diff --git a/time/Makefile b/time/Makefile
@@ -35,7 +35,7 @@ distribute := datemsk
 
 tests	:= test_time clocktest tst-posixtz tst-strptime tst_wcsftime \
 	   tst-getdate tst-mktime tst-mktime2 tst-ftime_l tst-strftime \
-	   tst-mktime3 tst-strptime2
+	   tst-mktime3 tst-strptime2 bug-asctime
 
 include ../Rules
 

diff --git a/time/asctime.c b/time/asctime.c
@@ -1,4 +1,5 @@
-/* Copyright (C) 1991,1993,1995-1997,2000,2002 Free Software Foundation, Inc.
+/* Copyright (C) 1991,1993,1995-1997,2000,2002,2005
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -18,6 +19,7 @@
 
 #include "../locale/localeinfo.h"
 #include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <time.h>
 
@@ -47,6 +49,19 @@ __asctime_r (const struct tm *tp, char *buf)
       return NULL;
     }
 
+  /* We limit the size of the year which can be printed.  Using the %d
+     format specifier used the addition of 1900 would overflow the
+     number and a negative vaue is printed.  For some architectures we
+     could in theory use %ld or an evern larger integer format but
+     this would mean the output needs more space.  This would not be a
+     problem if the 'asctime_r' interface would be defined sanely and
+     a buffer size would be passed.  */
+  if (__builtin_expect (tp->tm_year > INT_MAX - 1900, 0))
+    {
+      __set_errno (EOVERFLOW);
+      return NULL;
+    }
+
   if (sprintf (buf, format,
 	       (tp->tm_wday < 0 || tp->tm_wday >= 7 ?
 		"???" : ab_day_name (tp->tm_wday)),

diff --git a/time/bug-asctime.c b/time/bug-asctime.c
@@ -0,0 +1,32 @@
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <time.h>
+
+
+static int
+do_test (void)
+{
+  int result = 0;
+  time_t t = time (NULL);
+  struct tm *tp = localtime (&t);
+  tp->tm_year = INT_MAX;
+  errno = 0;
+  char *s = asctime (tp);
+  if (s != NULL || errno != EOVERFLOW)
+    {
+      puts ("asctime did not fail correctly");
+      result = 1;
+    }
+  char buf[1000];
+  s = asctime_r (tp, buf);
+  if (s != NULL || errno != EOVERFLOW)
+    {
+      puts ("asctime_r did not fail correctly");
+      result = 1;
+    }
+  return result;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"