public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/16346] New: mktime: potentially unsafe use of localtime_offset
@ 2013-12-19 3:20 aoliva at sourceware dot org
2014-06-13 11:24 ` [Bug libc/16346] " fweimer at redhat dot com
2015-08-27 22:19 ` [Bug time/16346] " jsm28 at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: aoliva at sourceware dot org @ 2013-12-19 3:20 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16346
Bug ID: 16346
Summary: mktime: potentially unsafe use of localtime_offset
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: aoliva at sourceware dot org
CC: drepper.fsp at gmail dot com
Although localtime_offset is only used as a guess by mktime_internal, and it's
only updated once at the end of the function, and only read once in the
beginning of the function, there's a potential for the compiler to delay the
load from the initial assignment of guessed_offset to both of the two initial
uses of guessed_offset. The second is conditional, so there could be other
loads in the paths in which the conditions are not met.
It's not entirely clear to me that the code will still behave correctly should
guessed_offset be reloaded from localtime_offset at the time of the second use,
in case another thread modified it since it was first loaded.
It is quite likely that the convert loop can cope with whatever variations to
guessed_offset introduced by concurrent changes to a reloaded localtime_offset,
but it would be nice to have a definitive answer on that, or some alternate
mechanism to ensure guessed_offset is set at the top as intended, not to be
reloaded again. Using atomics to read and update localtime_offset is one
possibility, but since time_t is word-sized, just ensuring the absence of
reloads ought to be enough. An asm("" : "+X" (guessed_offset)) after the
initial assignment, to detach the variable from the memory location, would do.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug libc/16346] mktime: potentially unsafe use of localtime_offset
2013-12-19 3:20 [Bug libc/16346] New: mktime: potentially unsafe use of localtime_offset aoliva at sourceware dot org
@ 2014-06-13 11:24 ` fweimer at redhat dot com
2015-08-27 22:19 ` [Bug time/16346] " jsm28 at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 11:24 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16346
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug time/16346] mktime: potentially unsafe use of localtime_offset
2013-12-19 3:20 [Bug libc/16346] New: mktime: potentially unsafe use of localtime_offset aoliva at sourceware dot org
2014-06-13 11:24 ` [Bug libc/16346] " fweimer at redhat dot com
@ 2015-08-27 22:19 ` jsm28 at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-08-27 22:19 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=16346
Joseph Myers <jsm28 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|libc |time
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-08-27 22:19 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-12-19 3:20 [Bug libc/16346] New: mktime: potentially unsafe use of localtime_offset aoliva at sourceware dot org
2014-06-13 11:24 ` [Bug libc/16346] " fweimer at redhat dot com
2015-08-27 22:19 ` [Bug time/16346] " jsm28 at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).