[fixed in 2.6] strptime() segfaults on certain date formats

Bug #50563 reported by Ian Chiew
Affects          Status         Importance   Assigned to   Milestone
GLibC            Fix Released   Medium
glibc (Ubuntu)   Fix Released   Medium       Unassigned

Bug Description

This segfaults on Ubuntu Dapper:

#define _XOPEN_SOURCE
#include <time.h>
int main() {
  struct tm tm;
  strptime("2004", "%Y", &tm); /* Segfault. */
  return 0;
}

This does not:

#define _XOPEN_SOURCE
#include <time.h>
int main() {
  struct tm tm;
  strptime("2004-01-01", "%Y-%m-%d", &tm); /* OK. */
  strptime("2004-01", "%Y-%m", &tm); /* OK. */
  return 0;
}

Internally, strptime() sets up a "struct tm" when parsing the date string. If both the month and day-of-month are not present, two fields in that struct are left uninitialized, and the segfault occurs when the uninitialized values are used in an array lookup in time/strptime_l.c:day_of_the_week().

I have a patch for this, but cannot be sure that it works, because I don't have enough disk space or CPU time for a glibc build.

Ian Chiew (ianc)
description: updated
Vassilis Pandis (pandisv) wrote :

I can confirm this as well.

Changed in glibc:
importance: Untriaged → Medium
status: Unconfirmed → Confirmed
Vassilis Pandis (pandisv) wrote :

Sorry, I confirmed it with glibc 2.4-1ubuntu9 on current edgy.

Vassilis Pandis (pandisv) wrote :

Can you please attach your patch to this bug report?

Vassilis Pandis (pandisv) wrote :

Still an issue on Feisty. Again, the patch would be greatly appreciated.

In , Vassilis Pandis (pandisv) wrote :

Hello,

this is a bug originally reported at https://bugs.launchpad.net/bugs/50563 . An
Ubuntu user reported the following:

"This segfaults on Ubuntu Dapper:

#define _XOPEN_SOURCE
#include <time.h>
int main() {
  struct tm tm;
  strptime("2004", "%Y", &tm); /* Segfault. */
  return 0;
}

This does not:

#define _XOPEN_SOURCE
#include <time.h>
int main() {
  struct tm tm;
  strptime("2004-01-01", "%Y-%m-%d", &tm); /* OK. */
  strptime("2004-01", "%Y-%m", &tm); /* OK. */
  return 0;
}

Internally, strptime() sets up a "struct tm" when parsing the date string. If
both the month and day-of-month are not present, two fields in that struct are
left uninitialized, and the segfault occurs when the uninitialized values are
used in an array lookup in time/strptime_l.c:day_of_the_week().

I have a patch for this, but cannot be sure that it works, because I don't have
enough disk space or CPU time for a glibc build."

Unfortunately, we haven't been able to contact the user for a patch. At any
rate, it would be nice if this were fixed. Thanks!

In , Drepper-fsp (drepper-fsp) wrote :

Fixed in cvs.

Matthias Klose (doko)
Changed in glibc:
status: Confirmed → Fix Committed
Changed in glibc:
status: Unknown → Fix Released
Tristan Cragnolini (tri-cragno) wrote :

This bug has now been fixed, changing the status to "Fix Released".

Changed in glibc:
status: Fix Committed → Fix Released
In , Cvs-commit (cvs-commit) wrote :

Subject: Bug 3944

CVSROOT: /cvs/glibc
Module name: libc
Branch: glibc-2_5-branch
Changes by: <email address hidden> 2007-07-12 14:50:42

Modified files:
 . : ChangeLog
 time : Makefile strptime_l.c
Added files:
 time : tst-strptime3.c

Log message:
 2007-02-08 Jakub Jelinek <email address hidden>

 [BZ #3944]
 * time/strptime_l.c (__strptime_internal): Set have_mon for
 %b/%B/%h. Set have_mon and have_mday if tm_mon and tm_mday
 have been computed from tm_yday and tm_year. Don't crash
 in day_of_the_week or day_of_the_year if not have_mon
 and tm_mon contains bogus value.
 * time/Makefile (tests): Add tst-strptime3.
 * time/tst-strptime3.c: New test.

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.10362.2.40&r2=1.10362.2.41
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/time/tst-strptime3.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=NONE&r2=1.1.6.1
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/time/Makefile.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.110&r2=1.110.2.1
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/time/strptime_l.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.7&r2=1.7.2.1

Changed in glibc:
importance: Unknown → Medium
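
A caller-side guard for code that may still run against an unfixed glibc, added here as an illustration and not taken from the glibc patch or from anyone in this thread: it pre-initialises the struct tm so that fields the format does not set never hold stack garbage, then checks the return value and the field ranges. The helper name parse_date_checked and the default of 1 January are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <string.h>
#include <time.h>

/* Explicit prototype (matches POSIX) so the example still compiles if
   <time.h> was already included before the feature-test macro above. */
char *strptime(const char *s, const char *format, struct tm *tm);

/* Hypothetical helper: returns 0 on success, -1 on parse or range failure. */
int parse_date_checked(const char *text, const char *fmt, struct tm *out)
{
    struct tm tmp;
    const char *end;

    /* Fields the format never sets stay at known values (1 January,
       00:00:00) instead of whatever happened to be on the stack. */
    memset(&tmp, 0, sizeof tmp);
    tmp.tm_mday = 1;

    end = strptime(text, fmt, &tmp);
    if (end == NULL || *end != '\0')
        return -1;              /* no match, or trailing unparsed input */

    /* Refuse values that would be out of range as table indices. */
    if (tmp.tm_mon < 0 || tmp.tm_mon > 11 ||
        tmp.tm_mday < 1 || tmp.tm_mday > 31 ||
        tmp.tm_wday < 0 || tmp.tm_wday > 6 ||
        tmp.tm_yday < 0 || tmp.tm_yday > 365)
        return -1;

    *out = tmp;
    return 0;
}

int main(void)
{
    struct tm tm;
    /* Constructed inputs: the report's formats plus two malformed ones. */
    int ok = parse_date_checked("2004", "%Y", &tm) == 0 && tm.tm_year == 104
          && parse_date_checked("2004-01", "%Y-%m", &tm) == 0
          && parse_date_checked("2004-13", "%Y-%m", &tm) != 0
          && parse_date_checked("2004x", "%Y", &tm) != 0;
    return ok ? 0 : 1;
}
```
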