fix: Validate tm put into strftime (#510)

getsentry · Apr 9, 2021 · babae96 · babae96
1 parent 43c8d9d
commit babae96
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/src/sentry_utils.c b/src/sentry_utils.c
@@ -367,6 +367,12 @@ sentry__msec_time_to_iso8601(uint64_t time)
     struct tm tm_buf;
     tm = gmtime_r(&secs, &tm_buf);
 #endif
+    // It might as well be that the `time` parameter is broken in some way and
+    // would create a broken `tm` that then later causes formatting issues. We
+    // have seen super strange timestamps in some event payloads.
+    if (!tm || tm->tm_year > 9000) {
+        return NULL;
+    }
     size_t written = strftime(buf, buf_len, "%Y-%m-%dT%H:%M:%S", tm);
     if (written == 0) {
         return NULL;

diff --git a/src/sentry_value.c b/src/sentry_value.c
@@ -911,6 +911,9 @@ sentry_value_to_msgpack(sentry_value_t value, size_t *size_out)
 sentry_value_t
 sentry__value_new_string_owned(char *s)
 {
+    if (!s) {
+        return sentry_value_new_null();
+    }
     sentry_value_t rv
         = new_thing_value(s, THING_TYPE_STRING | THING_TYPE_FROZEN);
     if (sentry_value_is_null(rv)) {