Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20161108035714.GH1555@brightrain.aerifal.cx>
Date: Mon, 7 Nov 2016 22:57:14 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH v2] fix integer overflow of tm_year in __secs_to_tm

On Mon, Nov 07, 2016 at 10:40:52PM -0500, Daniel Sabogal wrote:
> On Mon, Nov 7, 2016 at 12:09 PM, Rich Felker <dalias@...c.org> wrote:
> > On Wed, Nov 02, 2016 at 10:29:36PM -0400, Daniel Sabogal wrote:
> >> From: Daniel Sabogal <dsabogal@....edu>
> >>
> >> the overflow check for years+100 did not account for the extra
> >> year computed from the remaining months. instead, perform this
> >> check after obtaining the final number of years.
> >> ---
> >> v2: Subtract 12 from months, not 10.
> >
> > Thanks. I almost accepted the old patch with the error. Maybe in the
> > future consider including a test case with the patch.
> 
> I provided a sample program within the patch.
> Did you have something else in mind for test cases?

Admittedly I missed it somehow, but I guess to call it a test case I'd
want to see expected results and a justification for them. In this
case diff of old vs new output for various inputs would have caught
the bug in v1.

It might be nice to have a test in libc-test that just runs a bunch of
time_t-tm-time_t and tm-time_t-tm round trips for random inputs and
checks that they round-trip successfully...

> > I don't want to make testcases a prerequisite for bug fixes because
> > that leads to bugs going unfixed for a long time, but perhaps for
> > obscure issues like this unlikely to be hit in real-world use, it
> > would be good to strongly encourage submission of test cases with
> > patches.
> 
> I agree.

...but the above ideas are getting well beyond what I'd want to impose
on bug reporters/minor patch authors. So it's more just brainstorming
about the tests that would be helpful for someone with the time to
help with testing to implement.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.