Page MenuHomeFreeBSD

strptime: disallow zero hour for %I and %l
ClosedPublic

Authored by yuripv on Oct 13 2018, 12:00 AM.
Tags
None
Referenced Files
F107144007: D17543.diff
Fri, Jan 10, 7:25 PM
Unknown Object (File)
Mon, Dec 23, 1:34 PM
Unknown Object (File)
Mon, Dec 23, 1:19 PM
Unknown Object (File)
Mon, Dec 23, 1:18 PM
Unknown Object (File)
Mon, Dec 23, 1:04 PM
Unknown Object (File)
Wed, Dec 18, 7:10 PM
Unknown Object (File)
Nov 27 2024, 12:58 PM
Unknown Object (File)
Nov 24 2024, 6:58 AM
Subscribers

Details

Summary

%I (capital letter) is defined by POSIX as below:

%I    The hour (12-hour clock) [01,12]; leading zeros are permitted but not required.

%l (el) is extensions and is defined in strftime(3) as below:

%l    is replaced by the hour (12-hour clock) as a decimal number (1-12);
        single digits are preceded by a blank.
Test Plan

Looking into actually adding src/lib/libc/tests/time to the build (that's how I initially found the problem, running the test cases), for the moment:

#include <err.h>
#include <time.h>

int
main(void)
{
        struct tm tm;

        if (strptime("00", "%I", &tm) != NULL ||
            strptime("00", "%l", &tm) != NULL)
                errx(1, "wrong");

        return (0);
}

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

lib/libc/stdtime/strptime.c
293–294

Can't you just change this line to

} else if (i == 0 || i > 12)

to the same effect, but three lines less ?

yuripv added inline comments.
lib/libc/stdtime/strptime.c
293–294

Indeed, thanks.

I think that all hand-rolled string->number conversions in this file should check for overflow. Otherwise we call for undefined behavior and allow compiler authors to bully us.

Or change i to unsigned type, not sure what is better actually.

This revision is now accepted and ready to land.Oct 13 2018, 12:26 AM

Agreed, this needs to be looked at, and according to tests results, there are a lot more issues with strptime() (comparing with standard and linux output as well).

This revision was automatically updated to reflect the committed changes.