| To: | "Clive D.W. Feather" <yyyyy@xxxxxxxxx> |
|---|---|
| Subject: | Re: Defect in XSH asctime() |
| From: | "H. Peter Anvin" <yyy@xxxxxxxxx> |
| Date: | Tue, 16 Dec 2003 12:06:39 -0800 |
| Cc: | yyyyyyyyyyyyyyy@xxxxxxx, yyyyyyyyyyyyyyy@xxxxxxxxxxxxx |
| Organization: | Zytor Communications |
| References: | <200312120217.CAA12802@xxxxxx> <20031215110941.GA31124@finch-staff-1.thus.net> |
Clive D.W. Feather wrote:
> yyyyyyyyyyyyyyy@xxxxxxx said:
>
>>If asctime() is called with a tm structure whose tm_year field results
>>in a year > 9999 (which is possible with 64-bit time_t), the current
>>specification of asctime() would result in asctime() to overrunning a
>>26-character buffer; the specification says the sprintf() format
>>for printing the year is "%d", and (eg) a 5-digit number would print
>>5 characters, overrunning the buffer.
>
> WG14 examined this issue quite a long time ago. We decided that the
> behaviour was simply undefined. There is no requirement that a particular
> string appear in the buffer, or even that the function call returns in a
> sensible state (or at all). It's *UNDEFINED*.
>
I would classify that as a security hazard. Dates are almost
definitional of something that is user-entered, and for it to neither
fail correctly or produce sensible output sounds like a really dangerous
proposition.
Sorry,
-hpa
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Defect in XSH asctime(), H. Peter Anvin |
|---|---|
| Next by Date: | Re: Defect in XSH asctime(), Robbin Kawabata |
| Previous by Thread: | Re: Defect in XSH asctime(), Clive D.W. Feather |
| Next by Thread: | Re: Defect in XSH asctime(), Clive D.W. Feather |
| Indexes: | [Date] [Thread] [All Lists] |