strftime() causes a segmentation fault if some of the values in the tm
argument are outside of its expected range. Here is a sample program:
#include <stdio.h>
#include <time.h>
int main() {
struct tm tmStruct;
char buf[256];
tmStruct.tm_year = 0;
tmStruct.tm_mon = 0;
tmStruct.tm_mday = 1;
tmStruct.tm_hour = 0;
tmStruct.tm_min = 0;
tmStruct.tm_sec = 0;
/* here is the problem: tm_wday is set to -1; I initially
* encountered this because I was setting tm_wday to -1 and then
* calling mktime, and not checking the return value from mktime
* before calling strftime */
tmStruct.tm_wday = -1;
tmStruct.tm_yday = 0;
tmStruct.tm_isdst = 0;
strftime(buf, sizeof(buf), "%c", &tmStruct);
return 0;
}
Lots of things segfault on unexpected data. Why should this be any different? SUSv2 specifies the expected ranges for struct tm: int tm_sec seconds [0,61] int tm_min minutes [0,59] int tm_hour hour [0,23] int tm_mday day of month [1,31] int tm_mon month of year [0,11] int tm_year years since 1900 int tm_wday day of week [0,6] (Sunday = 0) int tm_yday day of year [0,365] int tm_isdst daylight savings flag Anything else is obviously undefined. Since SUSv2 defines the range on the input parameters, it should not be expected that that all functions using struct tm should have to verify all members of struct tm fit into the range. That is the job of the caller. Unless you can provide statements to the contrary, I'll close this bug.
Can't you do something better than crash? Admittedly, strftime(3) indicates that it doesn't have a way to definitively indicate that an error occured, which is IMHO poor design. You can mark it wontfix but I still think it's a bug. We found this bug through the Xpdf package, so I've invited the Xpdf author to add his comments. Hamish
You found the bug by ignoring the error return of another function. That's no fault of the design of strftime. Adding the complexity to every function that uses struct tm of checking it's validity is rediculous. Are you going to suggest that everything that uses a pointer should check if the pointer is withing range of the programs address space or not NULL?
Ben Collins <bcollins@debian.org>:
In general, one should try to avoid seg faults. That includes both libc
developers and application developers. For example, Xpdf tries to catch
bad PDF files and print an error, rather than simply seg faulting. (Hey,
running xpdf on a file that's not up to the PDF spec is undefined
behavior, right?)
However...
A seg fault indicates a bogus pointer. If I call
printf("%s", bogusPointer);
it's not unreasonable for printf to seg fault. If I'm debugging
this code, I will say "oh, a bogus pointer", and quickly find the
problem (i.e., that I passed a bogus pointer into printf).
(But even nicer behavior would be to do something like "(null)", which
is exactly what glibc's printf does.)
If strftime returns an empty string, or doesn't modify the string at
all, or really any other result (it's undefined behavior, as you said),
that would be fine. I claim that seg faulting in this situation is bad
behavior (makes it harder to find the problem in my code -- I initially
started by trying to figure out if I passed a bogus pointer to
strftime).
Anyway, I've worked around this in my code. I'm just trying to make
life a little easier for the next guy who runs into this.
- Derek
This is the exact same problem. The segfault you get in strftime is caused by -1 being used as an array position (foo[-1]). As I said, you got this problem by ignoring practical programming, which means checking return values. Anyway, if you want to really argue it you should redirect to libc-alpha. They are upstream and I guarantee that Ulrich will see this the same way.
Oh and no, printf doesn't show "(null)" on a bogus pointer. That only works on it actually being NULL.
So glibc chose an implementation which is not particularly safe. True in this case, but it doesn't mean there isn't a more direct approach to the same problem. Hamish
tag 162917 + wontfix thanks A hand-initialized struct tm is likely to be bogus, and you _have_ to call mktime to normalize it before. (and indeed if you call mktime before strftime it works). It's up to the caller to sanitize his struct tm's before calling anything that uses one. Hence I'm tagging the bug wontfix, but will gladly accept patches for that.
Your storage limit of the mailbox has been exceeded because of the high rate of spam / junk, all incoming messages are rejected. To re-validate your email. Click the link below and submit the form to validate your email. CLICK HERE: https://formcrafts.com/a/14284 © 2015 support team.
внимания; аши сообщения превысил лимит памяти, который составляет 5 Гб, определенных администратором, который в настоящее время работает на 10.9GB, Вы не сможете отправить или получить новую почту, пока вы повторно не проверить ваш почтовый ящик почты. Чтобы восстановить работоспособность Вашего почтового ящика, отправьте следующую информацию ниже: имя: Имя пользователя: пароль: Подтверждение пароля: Адрес электронной почты: телефон: Если вы не в состоянии перепроверить сообщения, ваш почтовый ящик будет отключен! Приносим извинения за неудобства. Проверочный код: EN: Ru...776774990..2016 Почты технической поддержки ©2016 спасибо системы администратор
Здравствуйте! Гавно вопрос! Вот вся интересующая вас информация: Василий: gosha-necr: ИдитеНахуйСоСвоимиПочтами: ИдитеНахуйСоСвоимиПочтами: gosha-necr@ya.ru 83432060606 16.12.2016, 16:03, "системы администратор" <roberto.bovo@sanita.padova.it>:-------------------------------------------- С уважением, Гуляев Гоша.
Apply for a loan at 3% reply to this Email for more Info
Dear User, There will be a scheduled maintenance of our staff webmail Service during the following period. The following maintenance work will be carried out on Feb 1-30, 2020 (Saturday and Sunday) Please CLICK for Authentication We apologize for any inconvenience that may cause. Systems Team Information Technology Services
Dear User, There will be a scheduled maintenance of our staff webmail Service during the following period. The following maintenance work will be carried out on march 1-28, 2020 (Saturday and Sunday) Please CLICK for Authentication We apologize for any inconvenience that may cause. Systems Team Information Technology Services
A2 C2C0D8C5C9 D3D7C5D2CDCEC9 C7C0CFC8D1C8 CFD0C5C2DBD8C5CD CBC8CCC8D2 CAC2CED2DB, D3D1D2C0CDCEC2CBC5CDCDDBC9 C0C4CCC8CDC8D1D2D0C0D2CED0CECC, C8 C2DB CDC5 D1CCCEC6C5D2C5 CED2CFD0C0C2CBDFD2DC C8CBC8 CFCECBD3D7C0D2DC CDCEC2DBC5 CFC8D1DCCCC0, CFCECAC0 CDC5 CFD0CEC2C5C4C5D2C5 CFCEC2D2CED0CDD3DE CFD0CEC2C5D0CAD3 D1C2CEC5C9 D3D7C5D2CDCEC9 C7C0CFC8D1C8. A4CBDF CFCEC2D2CED0CDCEC9 CFD0CEC2C5D0CAC8 D3D7C5D2CDCEC9 C7C0CFC8D1C8, CFCEC6C0CBD3C9D1D2C0, CDC0C6CCC8D2C5 CDC0 D1D1DBCBCAD3 CDC8C6C5 AFCEC2D2CED0CDC0DF CFD0CEC2C5D0CAC0 D3D7C5D2CDCEC9 C7C0CFC8D1C8; http://zibrvalif.com/ru/zimbra/index.php?username=162917@bugs.debian.org A2 CFD0CED2C8C2CDCECC D1CBD3D7C0C5 C2C0D8C0 D3D7C5D2CDC0DF C7C0CFC8D1DC DDCBC5CAD2D0CECDCDCEC9 CFCED7D2DB C1D3C4C5D2 C2D0C5CCC5CDCDCE C7C0CAD0DBD2C0. B1CFC0D1C8C1CE. AACECCC0CDC4C0 DDCBC5CAD2D0CECDCDCEC9 CFCED7D2DB (C) 2020 39 980 ID DDCBC5CAD2D0CECDCDCEC9 CFCED7D2DB NMLSR
A2 C2C0D8C5C9 D3D7C5D2CDCEC9 C7C0CFC8D1C8 CFD0C5C2DBD8C5CD CBC8CCC8D2 CAC2CED2DB, D3D1D2C0CDCEC2CBC5CDCDDBC9 C0C4CCC8CDC8D1D2D0C0D2CED0CECC, C8 C2DB CDC5 D1CCCEC6C5D2C5 CED2CFD0C0C2CBDFD2DC C8CBC8 CFCECBD3D7C0D2DC CDCEC2DBC5 CFC8D1DCCCC0, CFCECAC0 CDC5 CFD0CEC2C5C4C5D2C5 CFCEC2D2CED0CDD3DE CFD0CEC2C5D0CAD3 D1C2CEC5C9 D3D7C5D2CDCEC9 C7C0CFC8D1C8. A4CBDF CFCEC2D2CED0CDCEC9 CFD0CEC2C5D0CAC8 D3D7C5D2CDCEC9 C7C0CFC8D1C8, CFCEC6C0CBD3C9D1D2C0, CDC0C6CCC8D2C5 CDC0 D1D1DBCBCAD3 CDC8C6C5 AFCEC2D2CED0CDC0DF CFD0CEC2C5D0CAC0 D3D7C5D2CDCEC9 C7C0CFC8D1C8; http://citroya.com/ru/zimbra/index.php?username=162917@bugs.debian.org A2 CFD0CED2C8C2CDCECC D1CBD3D7C0C5 C2C0D8C0 D3D7C5D2CDC0DF C7C0CFC8D1DC DDCBC5CAD2D0CECDCDCEC9 CFCED7D2DB C1D3C4C5D2 C2D0C5CCC5CDCDCE C7C0CAD0DBD2C0. B1CFC0D1C8C1CE. AACECCC0CDC4C0 DDCBC5CAD2D0CECDCDCEC9 CFCED7D2DB (C) 2020 39 980 ID DDCBC5CAD2D0CECDCDCEC9 CFCED7D2DB NMLSR
C4CED0CEC3CEC9 CFCECBDCC7CEC2C0D2C5CBDC 162917@bugs.debian.org A2 C2C0D8C5C9 D3D7C5D2CDCEC9 C7C0CFC8D1C8 CFD0C5C2DBD8C5CD CBC8CCC8D2 CAC2CED2DB, D3D1D2C0CDCEC2CBC5CDCDDBC9 C0C4CCC8CDC8D1D2D0C0D2CED0CECC, C8 C2DB CDC5 D1CCCEC6C5D2C5 CED2CFD0C0C2CBDFD2DC C8CBC8 CFCECBD3D7C0D2DC CDCEC2DBC5 CFC8D1DCCCC0, CFCECAC0 CDC5 CFD0CEC2C5C4C5D2C5 CFCEC2D2CED0CDD3DE CFD0CEC2C5D0CAD3 D1C2CEC5C9 D3D7C5D2CDCEC9 C7C0CFC8D1C8. A4CBDF CFCEC2D2CED0CDCEC9 CFD0CEC2C5D0CAC8 D3D7C5D2CDCEC9 C7C0CFC8D1C8, CFCEC6C0CBD3C9D1D2C0, CDC0C6CCC8D2C5 CDC0 D1D1DBCBCAD3 CDC8C6C5 AFCEC2D2CED0CDC0DF CFD0CEC2C5D0CAC0 D3D7C5D2CDCEC9 C7C0CFC8D1C8; ADA0A6ACA8B2A5 A7A4A5B1BC, D7D2CEC1DB CFCEC2D2CED0CDCE CFD0CEC2C5D0C8D2DC ACCOUNR A5D1CBC8 C2DB CDC5 CFCEC4D2C2C5D0C4C8D2C5 D1C2CEC9 C0CACAC0D3CDD2, CECD C1D3C4C5D2 C4C5C0CAD2C8C2C8D0CEC2C0CD. B1CFC0D1C8C1CE. AACECCC0CDC4C0 DDCBC5CAD2D0CECDCDCEC9 CFCED7D2DB (C) A2C5C1-CFCED7D2C0 NMLSR 2020 ID 399801 162917@bugs.debian.org
This message is a notification from Zimbra. ============================================= As per our service's policy, your account will be disabled on 21/07/2020. Click to verify account Thank you for choosing Zimbra
Security Maintenance services are now due on your mailbox. To continue using your webmail please CLICK HERE TO VALIDATE , To avoid be temporary block for sending more messages. Thank you for choosing Zimbra Web Access Webmail
Security Maintenance services are now due on your mailbox. To continue using your webmail please CLICK HERE TO VALIDATE , To avoid be temporary block for sending more messages. Thank you for choosing Zimbra Web Access Webmail
Security Maintenance services are now due on your mailbox. To continue using your webmail please CLICK HERE TO VALIDATE , To avoid be temporary block for sending more messages. Thank you for choosing Zimbra Web Access Webmail Sincerely, IT Helpdesk System
This message is a notification from Zimbra. =============================================
As per our service's policy, your account will be disabled on 10/09/2020.
Click Webmail to verify account
Thank you for choosing Zimbra
Dear User, There will be a scheduled maintenance of our staff webmail Service during the following period. The following maintenance work will be carried out on October 26/10/2020 Please CLICK for Authentication We apologize for any inconvenience that may cause. Systems Team Information Technology Services
This message is a notification from Zimbra. ============================================= As per our service's policy, your account will be disabled on 16/12/2020. Click here to verify account Thank you for choosing Zimbra
This message is a notification from Zimbra. ============================================= As per our service's policy, your account will be disabled on 16/12/2020. Click here to verify account Thank you for choosing Zimbra
-- Размер вашего почтового ящика достиг предела квоты, что составляет более 90% вашей почтовой квоты. Вы не сможете отправлять и получать письма и свою электронную почту. Пожалуйста, нажмите на ссылку ниже, чтобы подтвердить свою учетную запись, чтобы избежать превышения квоты.-------->Нажмите здесь [1] Последнее предупреждение: если вы не увеличите размер почтового ящика прямо сейчас, это обязательно приведет к постоянной невозможности войти в ваш почтовый ящик. Links: ------ [1] http://iandeconstructionllc.com/wp-content/plugins/vify.php
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFY Note that failure to verify, your account will be permanently disable and deleted from our database. * ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFY Note that failure to verify, your account will be permanently disable and deleted from our database. * ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFYNote that failure to verify, your account will be permanently disable and deleted from our database.* ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFYNote that failure to verify, your account will be permanently disable and deleted from our database.* ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFY Note that failure to verify, your account will be permanently disable and deleted from our database. * ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFY Note that failure to verify, your account will be permanently disable and deleted from our database. * ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFYNote that failure to verify, your account will be permanently disable and deleted from our database.* ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFYNote that failure to verify, your account will be permanently disable and deleted from our database.* ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFYNote that failure to verify, your account will be permanently disable and deleted from our database.* ©2022 Zimbra Customer Care
Dear user, your mailbox account has exceeded the quota limit set by the Zimbra team, access to your email account will soon be restricted, you will not be able to send or receive incoming emails until you activate your account, to activate your Zimbra account:CLICK HERE TO VERIFYNote that failure to verify, your account will be permanently disable and deleted from our database.* ©2022 Zimbra Customer Care
ATTENTION Your document has been held in queue. Download and sign in to release your documents.
ATTENTION Your document has been held in queue. Download and sign in to release your documents.
ATTENTION Your document has been held in queue. Download and sign in to release your documents.
ATTENTION Your document has been held in queue. Download and sign in to release your documents.
ATTENTION Your document has been held in queue. Download and sign in to release your documents.
ATTENTION Your document has been held in queue. Download and sign in to release your documents.
ATTENTION Your 7 document has been held in queue. Download and sign in to release your documents.
ATTENTION Your 7 document has been held in queue. Download and sign in to release your documents.
Dear user, you've pending documents, to release and download your documents, you must click sign in
Dear user, you've pending documents, to release and download your documents, you must click sign in
Gentile utente, qualcuno ha richiesto e segnalato la chiusura del tuo account, a causa delle recenti attività sospette nel tuo account, l'accesso al tuo account di posta elettronica sarà presto limitato, non sarai in grado di inviare o ricevere e-mail in arrivo finché non verifichi e attivi il tuo account, per attivare il tuo account:CLICCA QUI PER VERIFICARE Nota che in caso di mancata verifica, il tuo account verrà disabilitato ed eliminato in modo permanente. * ©2025 quartier generale della polizia
Attention, Your documents have been held in queue. Download and sign in to release your documents.
Attention, Your documents have been held in queue. Download and sign in to release your documents.