1 From aa2ce32185b4477e659ed7c70d09c440610ef67b Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
3 Date: Fri, 2 Feb 2018 12:44:15 +0100
4 Subject: [PATCH] Fix buffer size when formatting current date
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 gcc-8 and glibc-2.26.9000 reports this error:
10
11 server/log.c:64:54: error: '%03d' directive output may be truncated writing between 3 and 11 bytes into a region of size between 0 and 49 [-Werror=format-truncation=]
12 snprintf(current_date, sizeof(current_date), "%s.%03d", buf, (int)(1000 * (time-seconds)));
13 ^~~~
14
15 This patch fixes two mistakes in the get_current_date() function:
16
17 First strftime() can fail and then buf content is undefined. The patch
18 makes sure the buf content is properly null-termited.
19
20 Second if strftime() uses up the the whole buf array, no space will be
21 left for appending miliseconds to current_date value in the subsequent
22 snprintf() call. The patch increases current_data size so that things
23 will always fit.
24
25 In reality, all this should not matter because sane strftime() will
26 return fixed-lenght string. But for all the cases and for sake of the
27 compiler check this patch should be applied.
28
29 Signed-off-by: Petr Písař <ppisar@redhat.com>
30 ---
31 server/log.c | 6 ++++--
32 1 file changed, 4 insertions(+), 2 deletions(-)
33
34 diff --git a/server/log.c b/server/log.c
35 index 2fe7b7c..f696752 100644
36 --- a/server/log.c
37 +++ b/server/log.c
38 @@ -52,15 +52,17 @@ double get_current_time_exact(void)
39 return (double) now.tv_sec + now.tv_usec / 1e6; // bad bad idea to use float as precision is not down to the seconds then
40 }
41
42 -char current_date[50];
43 +char current_date[70];
44 char* get_current_date(void)
45 {
46 struct tm * lt;
47 char buf[50];
48 double time = get_current_time_exact();
49 time_t seconds = (time_t)time;
50 + size_t length;
51 lt = localtime(&seconds);
52 - strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", lt);
53 + length = strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", lt);
54 + buf[length] = '\0';
55 snprintf(current_date, sizeof(current_date), "%s.%03d", buf, (int)(1000 * (time-seconds)));
56 return current_date;
57 }
58 diff -up frozen-bubble-2.2.1-beta1/server/log.h~ frozen-bubble-2.2.1-beta1/server/log.h
59 --- frozen-bubble-2.2.1-beta1/server/log.h~ 2010-08-07 15:36:27.000000000 +0200
60 +++ frozen-bubble-2.2.1-beta1/server/log.h 2018-02-08 14:09:52.472451694 +0100
61 @@ -23,7 +23,7 @@
62 time_t get_current_time(void);
63 double get_current_time_exact(void);
64
65 -extern char current_date[50];
66 +extern char current_date[70];
67 char* get_current_date(void);
68
69 enum output_types { OUTPUT_TYPE_DEBUG, OUTPUT_TYPE_CONNECT, OUTPUT_TYPE_INFO, OUTPUT_TYPE_ERROR };
|
