Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20160724153416.GN15995@brightrain.aerifal.cx>
Date: Sun, 24 Jul 2016 11:34:16 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: strftime sets errno to 22

On Sun, Jul 24, 2016 at 09:59:26AM +0300, Alexander Monakov wrote:
> On Sat, 23 Jul 2016, Rich Felker wrote:
> > With that said, at the time this was reported on IRC I looked for the
> > cause of errno being set to EINVAL and didn't see it. It might be nice
> > to know why it's happening, just in case some unintended code paths
> > with nontrivial cost are getting pulled in.
> 
> nsz mentioned on irc it's from strtoul call (when no digits are seen).

It looks like this is something that should be fixed, just because
calling strtoul without checking isdigit allows invalid formats to be
accepted (strtoul consumes leading whitespace and signs, both of which
are unwatned). Probably we want:

-		width = strtoul(f, &p, 10);
+		width = isdigit(*f) ? strtoul(f, &p, 10) : 0;

Thoughts?

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.