This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug time/23603] mktime signed integer overflow on large timestamps
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 20 Sep 2018 00:09:49 +0000
- Subject: [Bug time/23603] mktime signed integer overflow on large timestamps
- Auto-submitted: auto-generated
- References: <bug-23603-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=23603
--- Comment #13 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via e1080e7e5f3e62ef737bb3ee5babd7ad66bedfd7 (commit)
via 8e6fd2bdb21efe2cc1ae7571ff8fb2599db6a05a (commit)
from 83a552b0bb9fc2a5e80a0ab3723c0a80ce1db9f2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e1080e7e5f3e62ef737bb3ee5babd7ad66bedfd7
commit e1080e7e5f3e62ef737bb3ee5babd7ad66bedfd7
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed Sep 19 13:16:14 2018 -0700
Fix mktime localtime offset confusion
[BZ #23603]
* include/time.h (__mktime_internal): The localtime offset is now
of type long int instead of time_t. This is the longstanding type
in glibc, and it is more than enough to represent difference
between localtime and gmtime even if it is 32 bits and time_t is
64. Changing it now will let us avoid an unnecessary change when
time_t is widened to 64 bits on 32-bit platforms.
* time/mktime-internal.h (mktime_offset_t): Now long int.
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e6fd2bdb21efe2cc1ae7571ff8fb2599db6a05a
commit 8e6fd2bdb21efe2cc1ae7571ff8fb2599db6a05a
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed Sep 19 13:16:14 2018 -0700
Merge mktime, timegm from upstream Gnulib
[BZ #23603][BZ #16346]
This fixes some obscure problems with integer overflow.
Although it looks scary, it is almost all a byte-for-byte copy
from Gnulib, and the Gnulib code has been tested reasonably well.
* include/intprops.h: New file, copied from Gnulib.
* include/verify.h, time/mktime-internal.h:
New tiny files, simplified from Gnulib.
* time/mktime.c: Copy from Gnulib. This has the following changes:
Do not include config.h if DEBUG_MKTIME is nonzero.
Include stdbool.h, intprops.h, verify.h.
Include string.h only if needed.
Include stdlib.h on MS-Windows.
Include mktime-internal.h.
(DEBUG_MKTIME): Default to 0, and simplify later uses.
(NEED_MKTIME_INTERNAL, NEED_MKTIME_WINDOWS)
(NEED_MKTIME_WORKING): Give default values to pacify -Wundef,
which glibc uses. Default NEED_MKTIME_WORKING to DEBUG_MKTIME, to
simplify later conditionals; default the others to zero. Use
these conditionals to express only the code needed on the current
platform. In uses of these conditionals, explicitly spell out how
_LIBC affects things, so it’s easier to review from a glibc
viewpoint.
(WRAPV): Remove; no longer needed now that we have
systematic overflow checking.
(my_tzset, __tzset) [!_LIBC]: New function and macro, to better
compartmentalize tzset issues. Move system-dependent tzsettish
code here from mktime.
(verify): Remove; now done by verify.h. All uses changed.
(long_int): Use a more-conservative definition, to avoid
integer overflow.
(SHR): Remove, replacing with ...
(shr): New function, which means we needn’t worry about side
effects in args, and conversion analysis is simpler.
(TYPE_IS_INTEGER, TYPE_TWOS_COMPLEMENT, TYPE_SIGNED, TYPE_MINIMUM)
(TYPE_MAXIMUM, TIME_T_MIN, TIME_T_MAX, TIME_T_MIDPOINT)
(time_t_avg, time_t_add_ok): Remove.
(mktime_min, mktime_max): New constants.
(leapyear, isdst_differ): Use bool for booleans.
(ydhms_diff, guess_time_tm, ranged_convert, __mktime_internal):
Use long_int, not time_t, for mktime differences.
(long_int_avg): New function, replacing time_t_avg.
INT_ADD_WRAPV replaces time_t_add_ok.
(guess_time_tm): 6th arg is now long_int, not time_t const *.
All uses changed.
(convert_time): New function.
(ranged_convert): Use it.
(__mktime_internal): Last arg now points to mktime_offset_t, not
time_t. All uses changed. This is a no-op on glibc, where
mktime_offset_t is always time_t. Use int, not time_t, for UTC
offset guess. Directly check for integer overflow instead of
using a heuristic that works only 99.9...% of the time.
Access *OFFSET only once, to avoid an unlikely race if the
compiler delays a load and if this cascades into a signed integer
overflow.
(mktime): Move tzsettish code to my_tzset, and move
localtime_offset to within mktime so that it doesn’t
need a separate ifdef.
(main) [DEBUG_MKTIME]: Speed up by using localtime_r
instead of localtime.
* time/timegm.c: Copy from Gnulib. This has the following changes:
Include mktime-internal.h.
[!_LIBC]: Include config.h and time.h. Do not include
timegm.h or time_r.h. Make __mktime_internal a macro,
and include mktime-internal.h to get its declaration.
(timegm): Temporary is now mktime_offset_t, not time_t.
This affects only Gnulib.
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 80 +++++++
include/intprops.h | 455 ++++++++++++++++++++++++++++++++++++++++
include/time.h | 4 +-
include/verify.h | 2 +
time/mktime-internal.h | 2 +
time/mktime.c | 545 ++++++++++++++++++++++--------------------------
time/timegm.c | 23 +--
7 files changed, 793 insertions(+), 318 deletions(-)
create mode 100644 include/intprops.h
create mode 100644 include/verify.h
create mode 100644 time/mktime-internal.h
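The commit message above mentions checking for integer overflow directly and averaging two values without overflow (long_int_avg replacing time_t_avg). The C sketch below is an added illustration of those two techniques and is not code from glibc or Gnulib; the helper names `checked_add`, `floor_half` and `avg_no_overflow` and the sample timestamp are assumptions made for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: store a + b in *sum and return true, or return
   false (leaving *sum untouched) if the mathematical result does not
   fit in long long.  The bounds test runs before the addition, so the
   signed overflow (undefined behaviour in C) never happens.  */
static bool checked_add(long long a, long long b, long long *sum)
{
    if (b > 0 ? a > LLONG_MAX - b : a < LLONG_MIN - b)
        return false;
    *sum = a + b;
    return true;
}

/* floor(a / 2) without relying on how >> treats negative values.  */
static long long floor_half(long long a)
{
    return a / 2 - (a % 2 < 0);
}

/* Hypothetical helper: floor((a + b) / 2) computed without ever
   forming a + b, so it is safe for any pair of values.  The last term
   restores the 1 lost when both operands are odd.  */
static long long avg_no_overflow(long long a, long long b)
{
    return floor_half(a) + floor_half(b) + (a & b & 1);
}

int main(void)
{
    long long t = LLONG_MAX - 100;   /* constructed "large timestamp" */
    long long shifted;

    if (!checked_add(t, 3600, &shifted))
        puts("offset rejected: result would overflow");
    if (checked_add(t, -3600, &shifted))
        printf("shifted back: %lld\n", shifted);
    printf("midpoint: %lld\n", avg_no_overflow(LLONG_MIN, LLONG_MAX));
    return 0;
}
```

A naive `(a + b) / 2` midpoint overflows for two large same-sign operands, which is the kind of input a binary search over the full timestamp range produces.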