[patch] Fix BZ 18985 out of bounds access in strftime
Andreas Schwab
schwab@linux-m68k.org
Sun Sep 20 21:54:00 GMT 2015
Paul Pluzhnikov <ppluzhnikov@google.com> writes:
> diff --git a/time/strftime_l.c b/time/strftime_l.c
> index b48ef34..619e4e3 100644
> --- a/time/strftime_l.c
> +++ b/time/strftime_l.c
> @@ -510,13 +510,17 @@ __strftime_internal (s, maxsize, format, tp, tzset_called ut_argument
> only a few elements. Dereference the pointers only if the format
> requires this. Then it is ok to fail if the pointers are invalid. */
> # define a_wkday \
> - ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday))
> + ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 ? \
> + "?" : _NL_CURRENT (LC_TIME, NLW(ABDAY_1) + tp->tm_wday)))
> # define f_wkday \
> - ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday))
> + ((const CHAR_T *) (tp->tm_wday < 0 || tp->tm_wday > 6 ? \
> + "?" : _NL_CURRENT (LC_TIME, NLW(DAY_1) + tp->tm_wday)))
> # define a_month \
> - ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon))
> + ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 ? \
> + "?" : _NL_CURRENT (LC_TIME, NLW(ABMON_1) + tp->tm_mon)))
> # define f_month \
> - ((const CHAR_T *) _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon))
> + ((const CHAR_T *) (tp->tm_mon < 0 || tp->tm_mon > 11 ? \
> + "?" : _NL_CURRENT (LC_TIME, NLW(MON_1) + tp->tm_mon)))
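Review bot: In all four macros the out-of-range fallback is the narrow literal "?" cast to (const CHAR_T *). If this file is also built with a wide CHAR_T, as the CHAR_T and NLW() wrappers suggest, the cast makes callers read a char array as wide characters, so the fallback should be a literal of CHAR_T's width instead. The bounds themselves (tm_wday outside 0..6, tm_mon outside 0..11) look right for the day and month name tables. The comment above the macros still says only that it is ok to fail on invalid pointers, so it would help to extend it to say that out-of-range tm_wday and tm_mon now yield "?".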
Line break before operator, not after.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."