Bug 3944 - strptime() segfaults on certain date formats
Summary: strptime() segfaults on certain date formats
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-01-30 21:05 UTC by Vassilis Pandis
Modified: 2018-04-20 14:03 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:
fweimer: security+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vassilis Pandis 2007-01-30 21:05:24 UTC 
Hello,

this is a bug originally reported at https://bugs.launchpad.net/bugs/50563 . An
Ubuntu user reported the following:

"This segfaults on Ubuntu Dapper:

#define _XOPEN_SOURCE
#include <time.h>
int main() {
  struct tm tm;
  strptime("2004", "%Y", &tm); /* Segfault. */
  return 0;
}

This does not:

#define _XOPEN_SOURCE
#include <time.h>
int main() {
  struct tm tm;
  strptime("2004-01-01", "%Y-%m-%d", &tm); /* OK. */
  strptime("2004-01", "%Y-%m", &tm); /* OK. */
  return 0;
}

Internally, strptime() sets up a "struct tm" when parsing the date string. If
both the month and day-of-month are not present, two fields in that struct are
left uninitialized, and the segfault occurs when the uninitialized values are
used in an array lookup in time/strptime_l.c:day_of_the_week().

I have a patch for this, but cannot be sure that it works, because I don't have
enough disk space or CPU time for a glibc build."


Unfortunately, we haven't been able to contact the user for a patch. At any
rate, it would be nice if this were fixed. Thanks!
Comment 1 Ulrich Drepper 2007-02-09 01:45:01 UTC 
Fixed in cvs.
Comment 2 Sourceware Commits 2007-07-12 14:50:53 UTC 
Subject: Bug 3944

CVSROOT:	/cvs/glibc
Module name:	libc
Branch: 	glibc-2_5-branch
Changes by:	jakub@sourceware.org	2007-07-12 14:50:42

Modified files:
	.              : ChangeLog 
	time           : Makefile strptime_l.c 
Added files:
	time           : tst-strptime3.c 

Log message:
	2007-02-08  Jakub Jelinek  <jakub@redhat.com>
	
	[BZ #3944]
	* time/strptime_l.c (__strptime_internal): Set have_mon for
	%b/%B/%h.  Set have_mon and have_mday if tm_mon and tm_mday
	have been computed from tm_yday and tm_year.  Don't crash
	in day_of_the_week or day_of_the_year if not have_mon
	and tm_mon contains bogus value.
	* time/Makefile (tests): Add tst-strptime3.
	* time/tst-strptime3.c: New test.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.10362.2.40&r2=1.10362.2.41
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/time/tst-strptime3.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=NONE&r2=1.1.6.1
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/time/Makefile.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.110&r2=1.110.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/time/strptime_l.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.7&r2=1.7.2.1