From: | Paul Eggert |
Subject: | Re: strftime() possible security/crash risk |
Date: | Sun, 12 Jun 2011 17:10:18 -0700 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110516 Thunderbird/3.1.10 |
On 06/12/11 16:53, Steven Abner wrote:
> The buf2 is not terminated allowing access to data beyond the buf2.

That's how strftime is supposed to behave. Programs such as the test program that you gave are not safe. They must test the returned value before using the buffer. See http://pubs.opengroup.org/onlinepubs/9699919799/functions/strftime.html
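The return-value check described in the reply above, as an added example that is not part of the original message or of any project's code. The wrapper name `format_time_checked`, the helpers `sample_tm` and `demo_len`, and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical wrapper (name is an assumption, not from the thread). Returns 1
   if the text fit, 0 otherwise; buf is NUL-terminated in both cases. */
static int format_time_checked(char *buf, size_t size, const char *fmt, const struct tm *tm)
{
    if (buf == NULL || size == 0)
        return 0;
    if (strftime(buf, size, fmt, tm) == 0) {
        /* 0 means the result did not fit (buffer contents are then unspecified)
           or the result was empty; leave an empty string, not stale bytes. */
        buf[0] = '\0';
        return 0;
    }
    return 1;
}

/* Constructed sample input: a fixed broken-down time. */
static struct tm sample_tm(void)
{
    struct tm tm;
    memset(&tm, 0, sizeof tm);
    tm.tm_year = 2011 - 1900;
    tm.tm_mon = 5;      /* June */
    tm.tm_mday = 12;
    return tm;
}

/* Format "%Y-%m-%d" (10 bytes plus NUL) into `size` bytes of a buffer full of
   stale, unterminated data. Returns the resulting string length, -1 on bad size. */
static int demo_len(size_t size)
{
    char buf[32];
    struct tm tm = sample_tm();
    if (size == 0 || size > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);   /* stale bytes, no terminator */
    format_time_checked(buf, size, "%Y-%m-%d", &tm);
    return (int)strlen(buf);
}

int main(void)
{
    printf("size 11 -> %d, size 4 -> %d\n", demo_len(11), demo_len(4));
    return 0;
}
```

Without the check, the `strlen` call in `demo_len` would read past the truncated buffer whenever `strftime` returned 0, which is the out-of-bounds access the thread is about.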