This is the mail archive of the libc-hacker@sourceware.cygnus.com mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: glibc strftime.c bug: storing past the end of a zero-sized buffer


Paul Eggert <eggert@twinsun.com> writes:

> While fixing the other bugs, I noticed by code inspection that glibc's
> strftime (BUFFER, 0, "", ...)  stores a byte into BUFFER, even though
> the buffer's declared size is zero.  Here is a patch.

Thanks, but I think this is better:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Index: strftime.c
===================================================================
RCS file: /glibc/cvsfiles/libc/time/strftime.c,v
retrieving revision 1.60
diff -d -u -p -r1.60 strftime.c
--- strftime.c	1998/09/24 15:01:49	1.60
+++ strftime.c	1998/09/24 22:35:36
@@ -1227,7 +1227,7 @@ my_strftime (s, maxsize, format, tp)
 	}
     }
 
-  if (p)
+  if (p && i < maxsize)
     *p = '\0';
   return i;
 }
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- 
---------------.      drepper at gnu.org  ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Cygnus Solutions `--' drepper at cygnus.com   `------------------------


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]