This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug time/18985] Passing out of range data to strftime() causes a segfault

From: "ppluzhnikov at google dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Sun, 20 Sep 2015 02:22:10 +0000
Subject: [Bug time/18985] Passing out of range data to strftime() causes a segfault
Auto-submitted: auto-generated
References: <bug-18985-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=18985

--- Comment #1 from Paul Pluzhnikov <ppluzhnikov at google dot com> ---
The crash:

#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00007ffff7d085b4 in __strftime_internal (s=<optimized out>, maxsize=200,
format=<optimized out>, tp=0x7fffffffe0e0,
tzset_called=tzset_called@entry=0x7fffffffe0bf, loc=0x7ffff7ff7440
<_nl_global_locale>) at strftime_l.c:794
#2  0x00007ffff7d097f6 in __GI___strftime_l (s=<optimized out>,
maxsize=<optimized out>, format=<optimized out>, tp=<optimized out>,
loc=<optimized out>) at strftime_l.c:482

There is absolutely no input validation in __strftime_internal, it just blindly
uses

  weekday_name[tp->tm_wday]
  month_name[tp->tm_mon]

etc.

Seems like it would be pretty easy to fix.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug time/18985] New: Passing out of range data to strftime() causes a segfault
  - From: a.nielsen at shikadi dot net

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]