This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug time/18985] Passing out of range data to strftime() causes a segfault
- From: "ppluzhnikov at google dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sun, 20 Sep 2015 02:22:10 +0000
- Subject: [Bug time/18985] Passing out of range data to strftime() causes a segfault
- Auto-submitted: auto-generated
- References: <bug-18985-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=18985
--- Comment #1 from Paul Pluzhnikov <ppluzhnikov at google dot com> ---
The crash:
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007ffff7d085b4 in __strftime_internal (s=<optimized out>, maxsize=200,
format=<optimized out>, tp=0x7fffffffe0e0,
tzset_called=tzset_called@entry=0x7fffffffe0bf, loc=0x7ffff7ff7440
<_nl_global_locale>) at strftime_l.c:794
#2 0x00007ffff7d097f6 in __GI___strftime_l (s=<optimized out>,
maxsize=<optimized out>, format=<optimized out>, tp=<optimized out>,
loc=<optimized out>) at strftime_l.c:482
There is absolutely no input validation in __strftime_internal, it just blindly
uses
weekday_name[tp->tm_wday]
month_name[tp->tm_mon]
etc.
Seems like it would be pretty easy to fix.
--
You are receiving this mail because:
You are on the CC list for the bug.