#162917 libc6: strftime crashes with invalid input

Package: libc6
Source: glibc
Description: GNU C Library: Shared libraries
Submitter:
Date: 2025-11-27 19:29:02 UTC
Severity: normal
Tags:

#162917#5
Date:
2002-09-30 23:05:12 UTC
From:
To:
strftime() causes a segmentation fault if some of the values in the tm
argument are outside of its expected range. Here is a sample program:


#include <stdio.h>
#include <time.h>

int main() {
  struct tm tmStruct;
  char buf[256];

  tmStruct.tm_year = 0;
  tmStruct.tm_mon = 0;
  tmStruct.tm_mday = 1;
  tmStruct.tm_hour = 0;
  tmStruct.tm_min = 0;
  tmStruct.tm_sec = 0;
  /* here is the problem: tm_wday is set to -1; I initially
   * encountered this because I was setting tm_wday to -1 and then
   * calling mktime, and not checking the return value from mktime
   * before calling strftime */
  tmStruct.tm_wday = -1;
  tmStruct.tm_yday = 0;
  tmStruct.tm_isdst = 0;
  strftime(buf, sizeof(buf), "%c", &tmStruct);
  return 0;
}

#162917#10
Date:
2002-09-30 23:45:52 UTC
From:
To:
Lots of things segfault on unexpected data. Why should this be any
different? SUSv2 specifies the expected ranges for struct tm:

 int    tm_sec   seconds [0,61]
 int    tm_min   minutes [0,59]
 int    tm_hour  hour [0,23]
 int    tm_mday  day of month [1,31]
 int    tm_mon   month of year [0,11]
 int    tm_year  years since 1900
 int    tm_wday  day of week [0,6] (Sunday = 0)
 int    tm_yday  day of year [0,365]
 int    tm_isdst daylight savings flag

Anything else is obviously undefined. Since SUSv2 defines the range on
the input parameters, it should not be expected that all functions
using struct tm should have to verify all members of struct tm fit into
the range. That is the job of the caller.

Unless you can provide statements to the contrary, I'll close this bug.

#162917#15
Date:
2002-10-01 10:58:53 UTC
From:
To:
Can't you do something better than crash? Admittedly, strftime(3)
indicates that it doesn't have a way to definitively indicate that an
error occurred, which is IMHO poor design.

You can mark it wontfix but I still think it's a bug. We found this bug
through the Xpdf package, so I've invited the Xpdf author to add his
comments.

Hamish

#162917#20
Date:
2002-10-01 14:30:51 UTC
From:
To:
You found the bug by ignoring the error return of another function.
That's no fault of the design of strftime. Adding the complexity to
every function that uses struct tm of checking its validity is
ridiculous.

Are you going to suggest that everything that uses a pointer should
check if the pointer is within range of the program's address space or
not NULL?

#162917#25
Date:
2002-10-01 22:59:00 UTC
From:
To:
Ben Collins <bcollins@debian.org>:

In general, one should try to avoid seg faults.  That includes both libc
developers and application developers.  For example, Xpdf tries to catch
bad PDF files and print an error, rather than simply seg faulting. (Hey,
running xpdf on a file that's not up to the PDF spec is undefined
behavior, right?)

However...

A seg fault indicates a bogus pointer.  If I call

    printf("%s", bogusPointer);

it's not unreasonable for printf to seg fault.  If I'm debugging
this code, I will say "oh, a bogus pointer", and quickly find the
problem (i.e., that I passed a bogus pointer into printf).

(But even nicer behavior would be to do something like "(null)", which
is exactly what glibc's printf does.)

If strftime returns an empty string, or doesn't modify the string at
all, or really any other result (it's undefined behavior, as you said),
that would be fine.  I claim that seg faulting in this situation is bad
behavior (makes it harder to find the problem in my code -- I initially
started by trying to figure out if I passed a bogus pointer to
strftime).

Anyway, I've worked around this in my code.  I'm just trying to make
life a little easier for the next guy who runs into this.

- Derek

#162917#30
Date:
2002-10-01 23:13:32 UTC
From:
To:
This is the exact same problem. The segfault you get in strftime is
caused by -1 being used as an array position (foo[-1]).

As I said, you got this problem by ignoring practical programming, which
means checking return values.

Anyway, if you want to really argue it you should redirect to
libc-alpha.  They are upstream and I guarantee that Ulrich will see this
the same way.

#162917#35
Date:
2002-10-01 23:14:44 UTC
From:
To:
Oh and no, printf doesn't show "(null)" on a bogus pointer. That only
works on it actually being NULL.

#162917#40
Date:
2002-10-02 10:01:44 UTC
From:
To:
So glibc chose an implementation which is not particularly safe.

True in this case, but it doesn't mean there isn't a more direct
approach to the same problem.


Hamish

#162917#49
Date:
2007-04-10 21:33:55 UTC
From:
To:
tag 162917 + wontfix
thanks

  A hand-initialized struct tm is likely to be bogus, and you _have_ to
call mktime to normalize it before (and indeed, if you call mktime
before strftime, it works). It's up to the caller to sanitize his struct
tm's before calling anything that uses one.

  Hence I'm tagging the bug wontfix, but will gladly accept patches for
that.
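
The caller-side checks that messages #10, #20 and #49 ask for, as an added example (not code from the bug log or from glibc): normalise a copy with mktime, test its return value, apply the SUSv2 ranges, and only then call strftime. The names tm_in_range, safe_format_tm and sample_tm are hypothetical, and the sample struct is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Ranges from the SUSv2 table quoted in message #10.
 * tm_year and tm_isdst have no stated range there. */
static int tm_in_range(const struct tm *t)
{
    return t->tm_sec  >= 0 && t->tm_sec  <= 61 &&
           t->tm_min  >= 0 && t->tm_min  <= 59 &&
           t->tm_hour >= 0 && t->tm_hour <= 23 &&
           t->tm_mday >= 1 && t->tm_mday <= 31 &&
           t->tm_mon  >= 0 && t->tm_mon  <= 11 &&
           t->tm_wday >= 0 && t->tm_wday <= 6  &&
           t->tm_yday >= 0 && t->tm_yday <= 365;
}

/* Hypothetical helper: never hands strftime an unchecked struct tm.
 * Works on a copy, so the caller's struct is left untouched.
 * Returns the bytes written, or 0 with buf set to "" on failure. */
size_t safe_format_tm(char *buf, size_t len, const char *fmt,
                      const struct tm *in)
{
    struct tm t = *in;

    if (len == 0)
        return 0;
    buf[0] = '\0';

    /* mktime ignores tm_wday/tm_yday on input and recomputes them on
     * success. Seeding tm_wday with -1 separates a real failure from
     * the legitimate time_t value -1. */
    t.tm_wday = -1;
    if (mktime(&t) == (time_t)-1 && t.tm_wday == -1)
        return 0;
    if (!tm_in_range(&t))
        return 0;

    size_t n = strftime(buf, len, fmt, &t);
    if (n == 0)
        buf[0] = '\0';  /* buffer contents are unspecified if it did not fit */
    return n;
}

/* Constructed input: tm_wday = -1 as in the report, with a year that
 * every time_t can represent. */
struct tm sample_tm(void)
{
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_year = 100; t.tm_mon = 0; t.tm_mday = 1; t.tm_hour = 12;
    t.tm_wday = -1;
    t.tm_isdst = -1;
    return t;
}

int main(void)
{
    struct tm t = sample_tm();
    char buf[64];
    printf("in range before mktime: %d\n", tm_in_range(&t));
    if (safe_format_tm(buf, sizeof buf, "%Y-%m-%d %a", &t))
        puts(buf);
    return 0;
}
```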
