108 lines
3.3 KiB
Diff
108 lines
3.3 KiB
Diff
commit ed647df512786b3c94429dd5c864715301e03ea5
|
|
Author: Ethan A Merritt <merritt@u.washington.edu>
|
|
Date: Tue Mar 11 16:31:23 2025 -0700
|
|
|
|
guard against trying to format a huge number as a time
|
|
|
|
The time formatting code does not handle time_in_seconds > 1.e12
|
|
(sometime in the year 33658).
|
|
|
|
Bug 2779
|
|
|
|
diff --git src/mouse.c src/mouse.c
|
|
index ba0609290..a6110f5ff 100644
|
|
--- src/mouse.c
|
|
+++ src/mouse.c
|
|
@@ -619,6 +619,11 @@ static char *
|
|
xDateTimeFormat(double x, char *b, int mode)
|
|
{
|
|
struct tm tm;
|
|
+ if (fabs(x) > 1.e12) { /* Some time in the year 33688 */
|
|
+ int_warn(NO_CARET, "time value out of range");
|
|
+ *b = '\0';
|
|
+ return b;
|
|
+ }
|
|
|
|
switch (mode) {
|
|
case MOUSE_COORDINATES_XDATE:
|
|
commit 3270021820ff6ac7a6d77b77fe69777129937994
|
|
Author: Ethan A Merritt <merritt@u.washington.edu>
|
|
Date: Wed Mar 12 19:56:13 2025 -0700
|
|
|
|
check valid range on time value before trying to format it
|
|
|
|
Absurdly large time values (number of seconds) cause failures in the
|
|
routines that populate a time structure and format the result.
|
|
The program does complain about an invalid time value but only
|
|
after the failures have already occurred.
|
|
E.g.
|
|
print strftime("%Y", 1.e14)
|
|
|
|
Now a check for fabs(time) > 1.e12 is the first thing in f_strftime().
|
|
|
|
Bug 2779
|
|
|
|
diff --git src/internal.c src/internal.c
|
|
index 53be8d409..2d8812e49 100644
|
|
--- src/internal.c
|
|
+++ src/internal.c
|
|
@@ -1905,30 +1905,37 @@ f_strftime(union argument *arg)
|
|
int_error(NO_CARET,
|
|
"First parameter to strftime must be a format string");
|
|
|
|
- /* Prepare format string.
|
|
- * Make sure the resulting string not empty by adding a space.
|
|
- * Otherwise, the return value of gstrftime doesn't give enough
|
|
- * information.
|
|
- */
|
|
- fmtlen = strlen(fmt.v.string_val) + 1;
|
|
- fmtstr = gp_alloc(fmtlen + 1, "f_strftime: fmt");
|
|
- strncpy(fmtstr, fmt.v.string_val, fmtlen);
|
|
- strncat(fmtstr, " ", fmtlen);
|
|
- buflen = 80 + 2*fmtlen;
|
|
- buffer = gp_alloc(buflen, "f_strftime: buffer");
|
|
-
|
|
- /* Get time_str */
|
|
- length = gstrftime(buffer, buflen, fmtstr, real(&val));
|
|
- if (length == 0 || length >= buflen)
|
|
- int_error(NO_CARET, "String produced by time format is too long");
|
|
-
|
|
- /* Remove trailing space */
|
|
- assert(buffer[length-1] == ' ');
|
|
- buffer[length-1] = NUL;
|
|
+ /* Range check */
|
|
+ if (!(fabs(real(&val)) < 1.e12)) {
|
|
+ int_warn(NO_CARET, "time value out of range");
|
|
+ buffer = strdup(" ");
|
|
+
|
|
+ } else {
|
|
+ /* Prepare format string.
|
|
+ * Make sure the resulting string not empty by adding a space.
|
|
+ * Otherwise, the return value of gstrftime doesn't give enough
|
|
+ * information.
|
|
+ */
|
|
+ fmtlen = strlen(fmt.v.string_val) + 1;
|
|
+ fmtstr = gp_alloc(fmtlen + 1, "f_strftime: fmt");
|
|
+ strncpy(fmtstr, fmt.v.string_val, fmtlen);
|
|
+ strncat(fmtstr, " ", fmtlen);
|
|
+ buflen = 80 + 2*fmtlen;
|
|
+ buffer = gp_alloc(buflen, "f_strftime: buffer");
|
|
+
|
|
+ /* Get time_str */
|
|
+ length = gstrftime(buffer, buflen, fmtstr, real(&val));
|
|
+ if (length == 0 || length >= buflen)
|
|
+ int_error(NO_CARET, "String produced by time format is too long");
|
|
+
|
|
+ /* Remove trailing space */
|
|
+ assert(buffer[length-1] == ' ');
|
|
+ buffer[length-1] = NUL;
|
|
+ free(fmtstr);
|
|
+ }
|
|
|
|
gpfree_string(&val);
|
|
gpfree_string(&fmt);
|
|
- free(fmtstr);
|
|
|
|
push(Gstring(&val, buffer));
|
|
free(buffer);
|