This is the mail archive of the
cygwin@sources.redhat.com
mailing list for the Cygwin project.
1.1.4: BUG in date.exe causes memory overflow if resulting datestring is empty
- To: "'cygwin at sourceware dot cygnus dot com'" <cygwin at sourceware dot cygnus dot com>
- Subject: 1.1.4: BUG in date.exe causes memory overflow if resulting datestring is empty
- From: Martin Oberhuber <martin dot oberhuber at windriver dot com>
- Date: Thu, 21 Sep 2000 23:52:11 +0200
When you execute
date +"%Z"
the date.exe program consumes all available memory until it
terminates. The reason is that "%Z" results in an empty string
if the time zone is not set appropriately.
Looking at the code in src/shellutils/src/date.c:341 , we see
the problem -- strftime(), which is used to format the date
string, returns 0 both when the date string is empty and when
it ran out of memory. In my opinion, this is quite sick behaviour
-- but well, we can't get around strftime() if we want to be
POSIXly correct.
So I think the only bulletproof solution is to make sure that
the date string CANNOT be empty after calling strftime().
The patch attached does just that:
int in_length = strlen(formatstr);
char *safe_format = (char *)malloc(in_length+2);
*safe_format = 'X'; /* force non-empty result ! */
strcpy(safe_format+1, formatstr);
out_length = in_length;
do {
out_length += 200;
out = (char *) xrealloc (out, out_length);
}
while (strftime (out, out_length, safe_format, tm) == 0);
printf ("%s\n", out+1);
free(out);
free(safe_format);
I compiled and tested with gcc 2.95.2 -- date.exe becomes 1536 bytes
larger (most probably due to using strcpy() and strlen() ) but it's
safe now...
[/] diff -c src/shellutils/src/date.c.orig src/shellutils/src/date.c > date_patch.txt
Cheers,
Martin
--
---------------------------------/()\-----------------------------------
DI Martin Oberhuber mailto:martin.oberhuber@windriver.com
Field Support Engineer Phone (UTC +1h): +43 (662) 457915-85
TakeFive Software GmbH, a Wind River Company Fax: +43 (662) 457915-6
Jakob-Haringer-Str.8, A-5020 Salzburg, Austria http://www.windriver.com
---------------- The Leader in Source Code Engineering -----------------
*** src/shellutils/src/date.c.orig Tue Sep 19 11:49:45 2000
--- src/shellutils/src/date.c Thu Sep 21 23:37:29 2000
***************
*** 310,317 ****
show_date (const char *format, time_t when)
{
struct tm *tm;
char *out = NULL;
! size_t out_length = 0;
tm = localtime (&when);
--- 310,319 ----
show_date (const char *format, time_t when)
{
struct tm *tm;
+ char *safe_format;
+ size_t in_length;
char *out = NULL;
! size_t out_length;
tm = localtime (&when);
***************
*** 336,350 ****
return;
}
do
{
out_length += 200;
out = (char *) xrealloc (out, out_length);
}
! while (strftime (out, out_length, format, tm) == 0);
! printf ("%s\n", out);
free (out);
}
static void
--- 338,357 ----
return;
}
+ out_length = in_length = strlen(format);
+ safe_format = (char *)malloc(in_length+2);
+ *safe_format = 'X';
+ strcpy(safe_format+1, format);
do
{
out_length += 200;
out = (char *) xrealloc (out, out_length);
}
! while (strftime (out, out_length, safe_format, tm) == 0);
! printf ("%s\n", out+1);
free (out);
+ free (safe_format);
}
static void
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com