From 0ed06c55c442f0ef2ba1ac32b8420bb595c0b98d Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sun, 20 Mar 2011 23:59:29 -0700
Subject: [PATCH] strftime: don't assume a byte count fits in 'int'

* lib/strftime.c (add): Don't assume first arg fits in 'int'. I found this problem by static analysis, using gcc -Wstrict-overflow (GCC 4.5.2, x86-64). This reported an optimization that depended on an integer overflow having undefined behavior, but it turns out that the argument is a size, which might not fit in 'int' anyway, 2011-03-20 Paul Eggert
---
 ChangeLog | 9 +++++++++
 lib/strftime.c | 10 +++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 168a6e9a9..3b24b8b2e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2011-03-20 Paul Eggert
 
+ strftime: don't assume a byte count fits in 'int'
+ * lib/strftime.c (add): Don't assume first arg fits in 'int'. I
+ found this problem by static analysis, using gcc -Wstrict-overflow
+ (GCC 4.5.2, x86-64). This reported an optimization that depended
+ on an integer overflow having undefined behavior, but it turns out
+ that the argument is a size, which might not fit in 'int' anyway,
+
+2011-03-20 Paul Eggert
+
 stdio: don't require ignore_value around fwrite
 
 This patch works around libc bug 11959
diff --git a/lib/strftime.c b/lib/strftime.c
index 0a02b5077..95d5beeb8 100644
--- a/lib/strftime.c
+++ b/lib/strftime.c
@@ -172,15 +172,15 @@ extern char *tzname[];
 #define add(n, f) \
 do \
 { \
- int _n = (n); \
- int _delta = width - _n; \
- int _incr = _n + (_delta > 0 ? _delta : 0); \
- if ((size_t) _incr >= maxsize - i) \
+ size_t _n = (n); \
+ size_t _incr = _n < width ? width : _n; \
+ if (_incr >= maxsize - i) \
 return 0; \
 if (p) \
 { \
- if (digits == 0 && _delta > 0) \
+ if (digits == 0 && _n < width) \
 { \
+ size_t _delta = width - _n; \
 if (pad == L_('0')) \
 memset_zero (p, _delta); \
 else \
-- 
2.11.0
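Review bot: The new comparison `_n < width` in `add` mixes a `size_t` with `width`, whose declaration is outside this hunk; the removed lines did signed arithmetic on it (`int _delta = width - _n`, tested with `_delta > 0`), which suggests `width` is a signed `int`. If it can ever be negative (for instance a sentinel meaning "no width given"), it converts to a very large unsigned value, so `_n < width` is true, `_incr` takes that value and the `_incr >= maxsize - i` check returns 0 for output that would have fit; the same conversion affects `size_t _delta = width - _n` in the padding branch. Clamp once at the top of the macro, `size_t _w = width < 0 ? 0 : width; \`, and use `_w` in place of `width` in the `_incr`, `_n < width` and `_delta` lines. The macro body continues past the last line of the hunk, so any later use of `width` there should be checked the same way.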