This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: glibc strftime.c bug: storing past the end of a zero-sized buffer
- To: Paul Eggert <eggert@twinsun.com>
- Subject: Re: glibc strftime.c bug: storing past the end of a zero-sized buffer
- From: Ulrich Drepper <drepper@cygnus.com>
- Date: 24 Sep 1998 15:38:08 -0700
- Cc: libc-alpha@cygnus.com
- References: <199809241751.LAA02366@wijiji.santafe.edu> <199809242049.NAA12062@shade.twinsun.com>
- Reply-To: drepper@cygnus.com (Ulrich Drepper)
Paul Eggert <eggert@twinsun.com> writes:
> While fixing the other bugs, I noticed by code inspection that glibc's
> strftime (BUFFER, 0, "", ...) stores a byte into BUFFER, even though
> the buffer's declared size is zero. Here is a patch.
Thanks, but I think this is better:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Index: strftime.c
===================================================================
RCS file: /glibc/cvsfiles/libc/time/strftime.c,v
retrieving revision 1.60
diff -d -u -p -r1.60 strftime.c
--- strftime.c 1998/09/24 15:01:49 1.60
+++ strftime.c 1998/09/24 22:35:36
@@ -1227,7 +1227,7 @@ my_strftime (s, maxsize, format, tp)
}
}
- if (p)
+ if (p && i < maxsize)
*p = '\0';
return i;
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
---------------. drepper at gnu.org ,-. 1325 Chesapeake Terrace
Ulrich Drepper \ ,-------------------' \ Sunnyvale, CA 94089 USA
Cygnus Solutions `--' drepper at cygnus.com `------------------------