-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix a stack-buffer-overflow within approxidate.c #720
Comments
@grondo suggested: Just as an experiment I wonder if this would quiet AddressSanitizer: diff --git a/src/common/libutil/approxidate.c b/src/common/libutil/approxidate.c
index e2b2bd6..9d0e0d2 100644
--- a/src/common/libutil/approxidate.c
+++ b/src/common/libutil/approxidate.c
@@ -20,15 +20,7 @@
* but adds a field for usec.
*/
struct atm {
- int tm_sec;
- int tm_min;
- int tm_hour;
- int tm_mday;
- int tm_mon;
- int tm_year;
- int tm_wday;
- int tm_yday;
- int tm_isdst;
+ struct tm;
long tm_usec;
}; With the version of GCC I'm using, for this to work requires It would be interesting to know if this resolves the issue for ASan. |
Thanks @dongahn, I was seeing failures in approxidate tests too (due to lazy use of timezone setting I think), and since we only use approxidate right now for cronodate tests, I'm going to submit a PR that adapts those tests and removes approxidate. |
I am creating a separate issue for a problem found in #694. AddressSanitizer produced the following report and this was confirmed to be a true positive.
From
time.h
:So,
struct tm
may have more fields than what's explained in the man page:Given the augmented tm structure at here,
mktemp
actually appear to overflow the buffer. But it turned out when I fix it by adding these two hidden fields to thestruct atm
:Interestingly enough,
test_approxidate.t
However,test_approxidate.t
fails with a similar symptom reported in Issue #715.The text was updated successfully, but these errors were encountered: