Message106538
The patch as written causes a buffer overflow for year >= 10,000:
>>> len(time.asctime( (10000, 1, 1, 0, 0, 0, 0, 1, -1)))
26
>>> len(time.asctime( (100000, 1, 1, 0, 0, 0, 0, 1, -1)))
27
while the buffer is only 26 characters:
+ static char result[26];
+
+ sprintf(result, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
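Review bot: In the sprintf call, none of the integer conversions has an upper bound on its output: %3d and %.2d set minimum widths only and the trailing %d is unconstrained, so the 26-byte result buffer is safe only if every field has been range-checked before this point. Suggest a bounded call (snprintf or PyOS_snprintf with sizeof(result)) and a check of its return value, so that an out-of-range field produces an error instead of a write past the buffer. Because result is declared static, it is also shared by every caller; a caller-supplied or local buffer would avoid that.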
This can be fixed in multiple ways: changing the year format to %.4d, using PyString_Format, or restricting the year to 4 decimal digits in check_bounds.
A nitpick: you can save some static storage and possibly increase performance of asctime by making wday_name and mon_name 2d arrays instead of arrays of pointers to null-terminated strings. See http://www.opengroup.org/onlinepubs/009695399/functions/asctime.html.
Just like Martin, I am split on whether the patch is correct. The fact that it is almost a copy of the POSIX reference implementation gives some confidence, but that confidence is taken away by the reference implementation having a buffer overflow bug.
I am also not sure that all systems produce the same end of line character. I would like to hear from Windows experts.
Date | User | Action | Args
2010-05-26 15:51:06 | belopolsky | set | recipients: + belopolsky, lemburg, brett.cannon, pitrou, alexandre.vassalotti, srid, abbeyj, AmirHabibi
2010-05-26 15:51:06 | belopolsky | set | messageid: <1274889066.58.0.607584785519.issue6608@psf.upfronthosting.co.za>
2010-05-26 15:51:05 | belopolsky | link | issue6608 messages
2010-05-26 15:51:04 | belopolsky | create |
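The size arithmetic behind the message above, as an added example that is not part of the original message or of the patch under review: it measures how many bytes the quoted format needs for a given year and shows a bounded formatter that refuses output that does not fit in 26 bytes. The names format_tm, asctime_needed, asctime_bounded and jan1 are hypothetical, and the sample dates are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Format string as quoted from the patch; name tables as 2-D arrays. */
#define ASCTIME_FMT "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n"
static const char wday_name[7][4] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
static const char mon_name[12][4] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};

/* Writes at most `size` bytes. Returns the bytes the full result needs,
   NUL included, or 0 if tm would index outside the name tables. */
static size_t format_tm(char *buf, size_t size, const struct tm *tm)
{
    if (tm->tm_wday < 0 || tm->tm_wday > 6 || tm->tm_mon < 0 || tm->tm_mon > 11)
        return 0;
    int n = snprintf(buf, size, ASCTIME_FMT,
                     wday_name[tm->tm_wday], mon_name[tm->tm_mon], tm->tm_mday,
                     tm->tm_hour, tm->tm_min, tm->tm_sec, 1900 + tm->tm_year);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* snprintf with a zero size only measures; nothing is written. */
size_t asctime_needed(const struct tm *tm) { return format_tm(NULL, 0, tm); }
/* Hypothetical hardened formatter: 0 on success, -1 if the text does not fit
   (buf then holds a truncated, still NUL-terminated string). */
int asctime_bounded(char *buf, size_t size, const struct tm *tm)
{
    size_t need = format_tm(buf, size, tm);
    return (need == 0 || need > size) ? -1 : 0;
}

/* Constructed sample input: Monday 1 January of `year`, midnight. */
struct tm jan1(int year)
{
    struct tm tm = {0};
    tm.tm_year = year - 1900; tm.tm_mday = 1; tm.tm_wday = 1;
    return tm;
}

int main(void)
{
    int years[] = {9999, 10000, 100000};
    for (int i = 0; i < 3; i++) {
        struct tm tm = jan1(years[i]);
        printf("year %d needs %zu bytes\n", years[i], asctime_needed(&tm));
    }
    return 0;
}
```

The byte counts are one more than the Python `len()` values in the message because they include the terminating NUL, which is why a five-digit year no longer fits in 26 bytes.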