bug-gnulib

[PATCH] strftime: don't assume a byte count fits in 'int'


From: Paul Eggert
Subject: [PATCH] strftime: don't assume a byte count fits in 'int'
Date: Mon, 21 Mar 2011 00:01:37 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8

* lib/strftime.c (add): Don't assume first arg fits in 'int'.  I
found this problem by static analysis, using gcc -Wstrict-overflow
(GCC 4.5.2, x86-64).  This reported an optimization that depended
on an integer overflow having undefined behavior, but it turns out
that the argument is a size, which might not fit in 'int' anyway,

2011-03-20  Paul Eggert  <address@hidden>
---
 ChangeLog      |    9 +++++++++
 lib/strftime.c |   10 +++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 168a6e9..3b24b8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2011-03-20  Paul Eggert  <address@hidden>
 
+       strftime: don't assume a byte count fits in 'int'
+       * lib/strftime.c (add): Don't assume first arg fits in 'int'.  I
+       found this problem by static analysis, using gcc -Wstrict-overflow
+       (GCC 4.5.2, x86-64).  This reported an optimization that depended
+       on an integer overflow having undefined behavior, but it turns out
+       that the argument is a size, which might not fit in 'int' anyway,
+
+2011-03-20  Paul Eggert  <address@hidden>
+
        stdio: don't require ignore_value around fwrite
 
        This patch works around libc bug 11959
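Review bot: The added ChangeLog entry stops mid-sentence. Its last line, "that the argument is a size, which might not fit in 'int' anyway,", ends at a comma, so the rationale is incomplete as recorded. Finish the sentence, or end it with a period, before this goes in.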
diff --git a/lib/strftime.c b/lib/strftime.c
index 0a02b50..95d5bee 100644
--- a/lib/strftime.c
+++ b/lib/strftime.c
@@ -172,15 +172,15 @@ extern char *tzname[];
 #define add(n, f)                                                             \
   do                                                                          \
     {                                                                         \
-      int _n = (n);                                                           \
-      int _delta = width - _n;                                                \
-      int _incr = _n + (_delta > 0 ? _delta : 0);                             \
-      if ((size_t) _incr >= maxsize - i)                                      \
+      size_t _n = (n);                                                        \
+      size_t _incr = _n < width ? width : _n;                                 \
+      if (_incr >= maxsize - i)                                               \
         return 0;                                                             \
       if (p)                                                                  \
         {                                                                     \
-          if (digits == 0 && _delta > 0)                                      \
+          if (digits == 0 && _n < width)                                      \
             {                                                                 \
+              size_t _delta = width - _n;                                     \
               if (pad == L_('0'))                                             \
                 memset_zero (p, _delta);                                      \
               else                                                            \
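Review bot: The new comparisons `_n < width` (in `size_t _incr = _n < width ? width : _n;` and in `if (digits == 0 && _n < width)`) mix a size_t `_n` with `width`, whose declaration is not visible in this hunk. If `width` is a signed type that can be negative, it is converted to unsigned for the comparison and becomes a very large value, so `_incr` takes that value and the macro hits `return 0`. The removed lines kept `_delta` as a signed int and tested `_delta > 0`, which treated a negative `width` as "no padding". Suggest clamping first, for example a local size_t that is 0 when `width < 0`, and comparing `_n` against that. Separately, `size_t _n = (n);` would wrap a negative argument silently; a short comment on the macro stating that `n` must be a nonnegative byte count would help.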
-- 
1.7.4



