* 1.1.4: BUG in date.exe causes memory overflow if resulting datestring is empty
@ 2000-09-21 14:52 Martin Oberhuber
From: Martin Oberhuber @ 2000-09-21 14:52 UTC (permalink / raw)
To: 'cygwin@sourceware.cygnus.com'
When you execute

    date +"%Z"

the date.exe program consumes all available memory until it
terminates. The reason is that "%Z" results in an empty string
if the time zone is not set appropriately.

Looking at the code in src/shellutils/src/date.c:341, we see
the problem -- strftime(), which is used to format the date
string, returns 0 both when the date string is empty and when
it ran out of memory. In my opinion, this is quite sick behaviour
-- but well, we can't get around strftime() if we want to be
POSIXly correct.

So I think the only bulletproof solution is to make sure that
the date string CANNOT be empty after calling strftime().
The patch attached does just that:

    int in_length = strlen(formatstr);
    char *safe_format = (char *)malloc(in_length+2);
    *safe_format = 'X'; /* force non-empty result ! */
    strcpy(safe_format+1, formatstr);
    out_length = in_length;
    do {
        out_length += 200;
        out = (char *) xrealloc (out, out_length);
    }
    while (strftime (out, out_length, safe_format, tm) == 0);
    printf ("%s\n", out+1);
    free(out);
    free(safe_format);

I compiled and tested with gcc 2.95.2 -- date.exe becomes 1536 bytes
larger (most probably due to using strcpy() and strlen() ) but it's
safe now...

    [/] diff -c src/shellutils/src/date.c.orig src/shellutils/src/date.c > date_patch.txt

Cheers,
Martin
--
---------------------------------/()\-----------------------------------
DI Martin Oberhuber mailto:martin.oberhuber@windriver.com
Field Support Engineer Phone (UTC +1h): +43 (662) 457915-85
TakeFive Software GmbH, a Wind River Company Fax: +43 (662) 457915-6
Jakob-Haringer-Str.8, A-5020 Salzburg, Austria http://www.windriver.com
---------------- The Leader in Source Code Engineering -----------------
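
The ambiguous zero return of strftime() described in the message, and the sentinel-prefix workaround, as an added example (this is not the code from the post or from shellutils). The names `raw_strftime`, `format_time_safe`, `MAX_OUT` and the sample date are assumptions made for illustration; unlike the posted snippet, this version checks allocation results and bounds the buffer growth.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_OUT 65536 /* assumed cap on output size; the posted patch has none */
/* Constructed sample date: 2000-09-21 */
static const struct tm sample = { .tm_year = 100, .tm_mon = 8, .tm_mday = 21 };

/* Raw strftime() return value for a buffer of `size` bytes (at most 64). */
size_t raw_strftime(const char *fmt, const struct tm *tm, size_t size)
{
    char buf[64];
    return strftime(buf, size < sizeof buf ? size : sizeof buf, fmt, tm);
}

/* Returns a malloc'd formatted string (possibly empty), or NULL on failure. */
char *format_time_safe(const char *fmt, const struct tm *tm)
{
    size_t in_len = strlen(fmt), out_len = in_len + 1;
    char *safe_fmt = malloc(in_len + 2), *out = NULL, *tmp, *result = NULL;
    if (safe_fmt == NULL)
        return NULL;
    safe_fmt[0] = 'X'; /* sentinel: formatted output can never be empty */
    memcpy(safe_fmt + 1, fmt, in_len + 1);
    while (result == NULL && out_len < MAX_OUT) {
        out_len += 200;
        if ((tmp = realloc(out, out_len)) == NULL)
            break;
        out = tmp;
        /* With the sentinel, a 0 return can only mean "buffer too small". */
        if (strftime(out, out_len, safe_fmt, tm) != 0) {
            memmove(out, out + 1, strlen(out + 1) + 1); /* drop sentinel */
            result = out;
        }
    }
    if (result == NULL)
        free(out);
    free(safe_fmt);
    return result;
}

int main(void)
{
    char *s = format_time_safe("", &sample);
    printf("[%s] raw=%zu\n", s ? s : "(null)", raw_strftime("", &sample, 64));
    free(s);
    return 0;
}
```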