Bug 23976 - trunk/timezone/zdump.c:811: missing call to va_end ?
Summary: trunk/timezone/zdump.c:811: missing call to va_end ?
Alias: None
Product: glibc
Classification: Unclassified
Component: time (show other bugs)
Version: unspecified
: P2 minor
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2018-12-11 10:14 UTC by dcb
Modified: 2018-12-15 15:43 UTC (History)
1 user (show)

See Also:
Last reconfirmed: 2018-12-12 00:00:00
fweimer: security-


Note You need to log in before you can comment on or make changes to this bug.
Description dcb 2018-12-11 10:14:13 UTC
trunk/timezone/zdump.c:811]: (error) va_list 'args' was opened but not closed by va_end().

Source code is

    if (n < 0)
      return n;

Suggest new code

    if (n < 0) {
      return n;
Comment 1 joseph@codesourcery.com 2018-12-11 17:22:50 UTC
This code is imported from external sources and not modified locally in 
glibc.  Please report your concern to tz@iana.org, not here.
Comment 2 eggert 2018-12-12 16:19:35 UTC
Thanks, fixed (but not yet released) upstream as noted here:


The fix should be needed only when __STDC_VERSION__ < 199901 or when HAVE_SNPRINTF is defined to be 0, so it's not clear to me whether it's needed for glibc builds. If it is needed, perhaps -DHAVE_SNPRINTF=1 should be added to CFLAGS when compiling tzdb-related files, independently of this bug?
Comment 3 eggert 2018-12-12 19:06:48 UTC
In <https://mm.icann.org/pipermail/tz/2018-December/027309.html> dcb reported that this bug was found by a static analysis tool that inspects zdump.c code that should be ifdeffed out for systems like glibc that support C99 or supply snprintf.

This issue should therefore not be a bug for glibc (though it is relevant upstream, which still supports C89 <https://mm.icann.org/pipermail/tz/2017-June/025139.html>). Marking the glibc bug as RESOLVED and WORKSFORME, the closest annotation I can see for this situation.