This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [patch] Fix BZ 18985 out of bounds access in strftime
- From: Paul Pluzhnikov <ppluzhnikov at google dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Sun, 20 Sep 2015 11:45:19 -0700
- Subject: Re: [patch] Fix BZ 18985 out of bounds access in strftime
- Authentication-results: sourceware.org; auth=none
- References: <CAPC3xao-5YF_icBWE5yYbaYiUmiAvmb7w9s_G-dqawsx7eoTkQ at mail dot gmail dot com> <55FE5473 dot 7030305 at cs dot ucla dot edu> <CALoOobOWfPWuwtw_XgcTKx2yn=p3YbB04_B965zKRCkC1qsPjQ at mail dot gmail dot com> <55FEFD47 dot 4090401 at cs dot ucla dot edu>
On Sun, Sep 20, 2015 at 11:39 AM, Paul Eggert <eggert@cs.ucla.edu> wrote:
>> tp->tm_hour = 1024;
>> strftime(..., "%H %I", tp); // produces "1024 04"
>>
>> that doesn't seem very desirable.
>
> That helps the programmer more than returning 0 would.
Yes, you convinced me that returning 0 is the wrong thing to do.
The remaining question was whether tm_hour==1024 should map to "1024"
or to "?". Your other example suggests that "1024" is more useful.
> Don't forget out-of-range tm_isdst: there's one place the code has undefined
> behavior if tm_isdst exceeds 1.
Thanks!
--
Paul Pluzhnikov