From patchwork Mon May 22 18:32:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Simmons-Talbott X-Patchwork-Id: 1784608 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=PRAoV8O0; dkim-atps=neutral Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QQ5g14dGLz20PY for ; Tue, 23 May 2023 04:33:17 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 4E2DB3858415 for ; Mon, 22 May 2023 18:33:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4E2DB3858415 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1684780395; bh=sqJnByBek6Oc7Ueg8mRuppwLKerjXIezxwmKZb6jt+U=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=PRAoV8O0kmQxIvqnf849jbE7KO+8dQUkrb77fnxGMUT63dKEj0njIl1ltK/KsSfuV AA93lB8nSp0tevfH2DQm65Yoeg0Cs2I46UtAd0sHPX9rBWI3rFd+oGGrYYOUtNdcJH r3EE1pmQ/2py1kmmtn0SZ3L3U6eZyDLExp3c1wp0= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 524393858D35 for ; Mon, 22 May 2023 18:32:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 524393858D35 Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-546-iXvwKhGhMp6LVyG5Q87wVg-1; Mon, 22 May 2023 14:32:49 -0400 X-MC-Unique: iXvwKhGhMp6LVyG5Q87wVg-1 Received: by mail-qk1-f197.google.com with SMTP id af79cd13be357-75b012668d3so307905785a.0 for ; Mon, 22 May 2023 11:32:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684780368; x=1687372368; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=sqJnByBek6Oc7Ueg8mRuppwLKerjXIezxwmKZb6jt+U=; b=Y36mGLam83pH6LiazyPZBV+7J+/dODzkSbP2v7TMWIdJaRpVhAY+Lkjlcrj5Hf2YPq waindIlnVPunx2SUEGYez5nyroU7DuT5/FsztT+wXN7TpHTyUPRH3sKZMKX05f/PGhLV IoYUj51VnSg+YrVjkvmLHm9HfJ2SpwdmmL712QsQE8YNffsdP2SPmfpHTY7ACoMMQ9GL EJzUUw2xD3IHnjO68yWlyrsNyL/SiZxnT6n35gTmTZ0I4ULyiNZZmAzDrnwm9nFC+pG/ BO7i2iIWBfG3TfpBT7RxHEPBjz8a4RchPJ/ujUexZfaC4h5OGD37iSIRiHhaGZfH2ekm 0Hiw== X-Gm-Message-State: AC+VfDwsex6z+XNMqrztZO75l1hFR/G+w+L2jxh4KE6OASgsFOsiM8uM MccHKHJKgf64hDZDX79vqsuZG8KcOjvWZLd3pN+5+svcb7IgaaEPqWcoeYCl2/+gNlJlVpVV1SO 2zsmCU9dDeVmbUtBXiwkCnx8hd8Fk46neALXoCPmj1snD4OA6d/LJzftgAIbgWDRXt6SvdWiP6D 8SMkZo X-Received: by 2002:a37:aa8b:0:b0:75b:23a1:449 with SMTP id t133-20020a37aa8b000000b0075b23a10449mr1747587qke.15.1684780368677; Mon, 22 May 2023 11:32:48 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5uZfOYqYea8UZ7d+uNF8FaHTqE5+boEfaPr+ex/ItOHiRjYNgGT/ACTjpObORvKIAibLQ7aQ== X-Received: by 2002:a37:aa8b:0:b0:75b:23a1:449 with SMTP id t133-20020a37aa8b000000b0075b23a10449mr1747566qke.15.1684780368331; Mon, 22 May 2023 11:32:48 -0700 (PDT) Received: from oak.redhat.com (c-71-206-142-238.hsd1.va.comcast.net. [71.206.142.238]) by smtp.gmail.com with ESMTPSA id d24-20020a05620a159800b007596a2359f7sm1889845qkk.120.2023.05.22.11.32.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 May 2023 11:32:47 -0700 (PDT) To: libc-alpha@sourceware.org Cc: Joe Simmons-Talbott , Paul Eggert Subject: [PATCH] time: strftime_l: Avoid an unbounded alloca. Date: Mon, 22 May 2023 14:32:45 -0400 Message-Id: <20230522183245.4161004-1-josimmon@redhat.com> X-Mailer: git-send-email 2.40.0 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-12.1 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Joe Simmons-Talbott via Libc-alpha From: Joe Simmons-Talbott Reply-To: Joe Simmons-Talbott Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" Avoid possible stack overflow by removing alloca() and converting to wide characters within the buffer. Suggested-by: Paul Eggert --- Supersedes: https://sourceware.org/pipermail/libc-alpha/2023-May/147996.html time/strftime_l.c | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/time/strftime_l.c b/time/strftime_l.c index 402c6c4111..bb8e9e7f25 100644 --- a/time/strftime_l.c +++ b/time/strftime_l.c @@ -267,15 +267,6 @@ static const CHAR_T zeroes[16] = /* "0000000000000000" */ # undef __mbsrtowcs_l # define __mbsrtowcs_l(d, s, l, st, loc) __mbsrtowcs (d, s, l, st) # endif -# define widen(os, ws, l) \ - { \ - mbstate_t __st; \ - const char *__s = os; \ - memset (&__st, '\0', sizeof (__st)); \ - l = __mbsrtowcs_l (NULL, &__s, 0, &__st, loc); \ - ws = alloca ((l + 1) * sizeof (wchar_t)); \ - (void) __mbsrtowcs_l (ws, &__s, l, &__st, loc); \ - } #endif @@ -1342,11 +1333,31 @@ __strftime_internal (CHAR_T *s, size_t maxsize, const CHAR_T *format, #ifdef COMPILE_WIDE { /* The zone string is always given in multibyte form. We have - to transform it first. */ - wchar_t *wczone; - size_t len; - widen (zone, wczone, len); - cpy (len, wczone); + to convert it to wide character. */ + size_t w = pad == L_('-') || width < 0 ? 0 : width; + char const *z = zone; + mbstate_t st = {0}; + size_t len = __mbsrtowcs_l (p, &z, maxsize - i, &st, loc); + if (len == (size_t) -1) + return 0; + size_t incr = len < w ? w : len; + if (incr >= maxsize - i) + { + errno = ERANGE; + return 0; + } + if (p) + { + if (len < w) + { + size_t delta = w - len; + wmemmove (p + delta, p, len); + wchar_t wc = pad == L_('0') || pad == L_('+') ? L'0' : L' '; + wmemset (p, wc, delta); + } + p += incr; + } + i += incr; } #else cpy (strlen (zone), zone);