1.1.4: BUG in date.exe causes memory overflow if resulting datestring is empty
Martin Oberhuber
martin.oberhuber@windriver.com
Thu Sep 21 14:52:00 GMT 2000
When you execute
date +"%Z"
the date.exe program consumes all available memory until it
terminates. The reason is that "%Z" results in an empty string
if the time zone is not set appropriately.
Looking at the code in src/shellutils/src/date.c:341 , we see
the problem -- strftime(), which is used to format the date
string, returns 0 both when the date string is empty and when
it ran out of memory. In my opinion, this is quite sick behaviour
-- but well, we can't get around strftime() if we want to be
POSIXly correct.
So I think the only bulletproof solution is to make sure that
the date string CANNOT be empty after calling strftime().
The patch attached does just that:
int in_length = strlen(formatstr);
char *safe_format = (char *)malloc(in_length+2);
*safe_format = 'X'; /* force non-empty result ! */
strcpy(safe_format+1, formatstr);
out_length = in_length;
do {
out_length += 200;
out = (char *) xrealloc (out, out_length);
}
while (strftime (out, out_length, safe_format, tm) == 0);
printf ("%s\n", out+1);
free(out);
free(safe_format);
I compiled and tested with gcc 2.95.2 -- date.exe becomes 1536 bytes
larger (most probably due to using strcpy() and strlen() ) but it's
safe now...
[/] diff -c src/shellutils/src/date.c.orig src/shellutils/src/date.c > date_patch.txt
Cheers,
Martin
--
---------------------------------/()\-----------------------------------
DI Martin Oberhuber mailto:martin.oberhuber@windriver.com
Field Support Engineer Phone (UTC +1h): +43 (662) 457915-85
TakeFive Software GmbH, a Wind River Company Fax: +43 (662) 457915-6
Jakob-Haringer-Str.8, A-5020 Salzburg, Austria http://www.windriver.com
---------------- The Leader in Source Code Engineering -----------------
More information about the Cygwin
mailing list