Defect in XSH asctime()

To:	yyyyyyyyyyyyyyy@xxxxxxxxxxxxx
Subject:	Defect in XSH asctime()
From:	yyyyyyyyyyyyyyy@xxxxxxx
Date:	Fri, 12 Dec 2003 02:17:59 GMT

        Defect report from : Robbin Kawabata , Sun Microsystems, Inc.

(Please direct followup comments direct to yyyyyyyyyyyyyy@xxxxxxxxxxxxx)

@ page 121 line 4407-4428 section asctime() objection {rrk031211-2}

Problem:

Edition of Specification (Year): 2003

Defect code :  1. Error

If asctime() is called with a tm structure whose tm_year field results
in a year > 9999 (which is possible with 64-bit time_t), the current
specification of asctime() would result in asctime() to overrunning a
26-character buffer;  the specification says the sprintf() format
for printing the year is "%d", and (eg) a 5-digit number would print
5 characters, overrunning the buffer.

Similarly, since the user can create the input struct tm, it is 
possible for the user to set the fields of the struct tm to values 
that are outside the normal bounds.  In such a case, the sprintf() 
format given in the asctime() specification can result in a buffer 
overrun.  For example, if tm_hour is 100, the sprintf() format 
".2d" writes the string "100", which could result in a buffer 
overrun.  The specification should be updated to state the algorithm 
can be used as long as the values of the tm struct are restricted 
to the normal bounds.

(Note TC2 already says asctime() can return NULL if unsuccessful.)

Action:

page 121 line 4407-4408 section asctime() objection
  Change:
   The asctime() function shall convert the broken-down time in the
   structure pointed to by timeptr into a string in the form:

  to:
   The asctime() function shall convert the broken-down time in the
   structure pointed to by timeptr into a string in the form, provided
   the broken-down time in the fields of the structure pointed
   to by timeptr contain values that are within the normal ranges
   (see <time.h>), and the calculated year does not exceed four digits:

page 121 line 4428 section asctime() objection
  After line 4428, add:
   Otherwise, if any of the fields of the tm structure pointed to by
   timeptr contain values that are outside the normal ranges, asctime()
   behavior is undefined.  If the calculated year exceeds four digits,
   asctime() shall either return NULL and set errno to EOVERFLOW,
   or write no more than four unspecified characters to the year field.

page 122 line 4445 section asctime() objection
  Change:
    No errors are defined.
  To:
    The asctime() and asctime_r() functions may fail if:

      [EOVERFLOW]  The result cannot be represented.

<Prev in Thread]	Current Thread	[Next in Thread>
Defect in XSH asctime(), robbin.kawabata <= Re: Defect in XSH asctime(), Paul Eggert Re: Defect in XSH asctime(), Larry Dwyer Re: Defect in XSH asctime(), Jim Zepeda Re: Defect in XSH asctime(), Pascal J.Bourguignon Re: Defect in XSH asctime(), Clive D.W. Feather Re: Defect in XSH asctime(), H. Peter Anvin Re: Defect in XSH asctime(), Clive D.W. Feather Re: Defect in XSH asctime(), Clive D.W. Feather Re: Defect in XSH asctime(), Clive D.W. Feather Re: Defect in XSH asctime(), H. Peter Anvin

Previous by Date:	Defect in XSH ctime(), robbin.kawabata
Next by Date:	Re: Defect in XSH asctime(), Paul Eggert
Previous by Thread:	Defect in XSH ctime(), robbin.kawabata
Next by Thread:	Re: Defect in XSH asctime(), Paul Eggert
Indexes:	[Date] [Thread] [All Lists]