bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: strftime() possible security/crash risk


From: Paul Eggert
Subject: Re: strftime() possible security/crash risk
Date: Sun, 12 Jun 2011 17:10:18 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110516 Thunderbird/3.1.10

On 06/12/11 16:53, Steven Abner wrote:
> The buf2 is not terminated allowing access to data beyond the buf2.

That's how strftime is supposed to behave.  Programs such
as the test program that you gave are not safe.  They must
test the returned value before using the buffer.

See

http://pubs.opengroup.org/onlinepubs/9699919799/functions/strftime.html



reply via email to

[Prev in Thread] Current Thread [Next in Thread]