[tz] infinite loop in time2sub

enh enh at google.com
Thu Aug 22 21:28:32 UTC 2013


that passes my test and GCC's -Wstrict-overflow=5 no longer complains about
those two lines (though it does still have several other complaints about
localtime.c). committed to Android's C library as
713fe6463e6ff8cb9689aa8ead88c885d25d03aa (
https://android-review.googlesource.com/#/c/64140/).

thanks!


On Thu, Aug 22, 2013 at 12:53 PM, Paul Eggert <eggert at cs.ucla.edu> wrote:

> On 08/22/13 11:35, enh wrote:
>
> > looking at the Android AOSP git history, it looks like we found and
> > fixed this bug years ago but never talked to upstream about it:
>
> Thanks for the heads-up.  If I understand all those patches aright,
> the following patch (which I've pushed to the experimental github
> repository) should fix things.  I've fixed some other integer-overflow
> issues in the past few months, but I missed this one (and there are
> probably others I've missed).
>
> From 943a6621866e9d6e654f5cfe1494378c1fb8957a Mon Sep 17 00:00:00 2001
> From: Paul Eggert <eggert at cs.ucla.edu>
> Date: Thu, 22 Aug 2013 12:47:51 -0700
> Subject: [PATCH] * localtime.c: Fix another integer overflow bug in mktime.
>
> (time2sub): Avoid undefined behavior on time_t overflow.
> Reported by Elliott Hughes in
> <http://mm.icann.org/pipermail/tz/2013-August/019580.html>.
> ---
>  localtime.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/localtime.c b/localtime.c
> index f58b20a..a0a4e5e 100644
> --- a/localtime.c
> +++ b/localtime.c
> @@ -1789,14 +1789,14 @@ time2sub(struct tm *const tmp,
>                 } else  dir = tmcomp(&mytm, &yourtm);
>                 if (dir != 0) {
>                         if (t == lo) {
> -                               ++t;
> -                               if (t <= lo)
> +                               if (t == time_t_max)
>                                         return WRONG;
> +                               ++t;
>                                 ++lo;
>                         } else if (t == hi) {
> -                               --t;
> -                               if (t >= hi)
> +                               if (t == time_t_min)
>                                         return WRONG;
> +                               --t;
>                                 --hi;
>                         }
>                         if (lo > hi)
> --
> 1.7.11.7
>
>
>


-- 
Elliott Hughes - http://who/enh - http://jessies.org/~enh/
Java i18n/JNI/NIO, or bionic questions? Mail me/drop by/add me as a
reviewer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/tz/attachments/20130822/9865bd39/attachment.htm>


More information about the tz mailing list