This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix BZ 18985 out of bounds access in strftime

From: Andreas Schwab <schwab at linux-m68k dot org>
To: Paul Pluzhnikov <ppluzhnikov at google dot com>
Cc: Paul Eggert <eggert at cs dot ucla dot edu>, GLIBC Devel <libc-alpha at sourceware dot org>
Date: Sun, 20 Sep 2015 23:54:52 +0200
Subject: Re: [patch] Fix BZ 18985 out of bounds access in strftime
Authentication-results: sourceware.org; auth=none
References: <CAPC3xao-5YF_icBWE5yYbaYiUmiAvmb7w9s_G-dqawsx7eoTkQ at mail dot gmail dot com> <55FE5473 dot 7030305 at cs dot ucla dot edu> <CALoOobOWfPWuwtw_XgcTKx2yn=p3YbB04_B965zKRCkC1qsPjQ at mail dot gmail dot com> <55FEFD47 dot 4090401 at cs dot ucla dot edu> <CALoOobMOFtQVcCK4bR3VpeLMoj4bXVa12GAk0CjP6MMxuQU+Fw at mail dot gmail dot com> <CALoOobP2BQhWp_2NAvFyXfo9UVwr8mQCKbyL-8SJF8U3VoQRsA at mail dot gmail dot com>

Paul Pluzhnikov <ppluzhnikov@google.com> writes:

> diff --git a/time/strftime_l.c b/time/strftime_l.c
> index b48ef34..619e4e3 100644
> --- a/time/strftime_l.c
> +++ b/time/strftime_l.c
> @@ -510,13 +510,17 @@ __strftime_internal (s, maxsize, format, tp, tzset_called ut_argument
>       only a few elements.  Dereference the pointers only if the format
>       requires this.  Then it is ok to fail if the pointers are invalid.  */
>  # define a_wkday \
> -  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))
> +  ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 ?		      \
> +		     "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)))
>  # define f_wkday \
> -  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))
> +  ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 ?		      \
> +		     "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)))
>  # define a_month \
> -  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))
> +  ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 ?		      \
> +		     "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)))
>  # define f_month \
> -  ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))
> +  ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 ?		      \
> +		     "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)))

Line break before operator, not after.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Follow-Ups:
- Re: [patch] Fix BZ 18985 out of bounds access in strftime
  - From: Paul Pluzhnikov

References:
- [patch] Fix BZ 18985 out of bounds access in strftime
  - From: Paul Pluzhnikov
- Re: [patch] Fix BZ 18985 out of bounds access in strftime
  - From: Paul Eggert
- Re: [patch] Fix BZ 18985 out of bounds access in strftime
  - From: Paul Pluzhnikov
- Re: [patch] Fix BZ 18985 out of bounds access in strftime
  - From: Paul Eggert
- Re: [patch] Fix BZ 18985 out of bounds access in strftime
  - From: Paul Pluzhnikov
- Re: [patch] Fix BZ 18985 out of bounds access in strftime
  - From: Paul Pluzhnikov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]