handle strftime() more defensively

Null terminating the result is not necessary under the assumption
that the function works as advertised since we start out with a
zeroed buffer. Thus drop the calculation based on its return
value and null terminate the final byte instead -- after all if
the function should be borked we have no idea where the
terminator should go.

Also error out if it returns zero since the ISO time format cannot
result in the empty string.

diff --git a/src/timefunc.cpp b/src/timefunc.cpp
index 69a50fb..88e6c33 100644 (file)
--- a/src/timefunc.cpp
+++ b/src/timefunc.cpp
@@ -892,10 +892,13 @@ std::string format_iso8601 (const struct tm &tm, const bool date,
     /*
      * The sign is *always* handled above so the formatted string here
      * is always one character shorter.
-     * */
-    const size_t n = strftime (start, iso8601::bufsize-1, format, &tmp);
+     */
+    if (strftime (start, iso8601::bufsize-1, format, &tmp) == 0)
+    {
+        return std::string ();
+    }
 
-    buf [n+1] = '\0';
+    buf [iso8601::bufsize-1] = '\0'; /* Just in case. */
 
     return std::string (buf);
 }