From cb5f6477e5134d78b0d336ff9c8c91750483dc7a Mon Sep 17 00:00:00 2001 From: Philipp Gesang Date: Thu, 4 Apr 2019 16:26:09 +0200 Subject: [PATCH] handle strftime() more defensively Null terminating the result is not necessary under the assumption that the function works as advertised since we start out with a zeroed buffer. Thus drop the calculation based on its return value and null terminate the final byte instead -- after all if the function should be borked we have no idea where the terminator should go. Also error out if it returns zero since the ISO time format cannot result in the empty string. --- src/timefunc.cpp | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/timefunc.cpp b/src/timefunc.cpp index 69a50fb..88e6c33 100644 --- a/src/timefunc.cpp +++ b/src/timefunc.cpp @@ -892,10 +892,13 @@ std::string format_iso8601 (const struct tm &tm, const bool date, /* * The sign is *always* handled above so the formatted string here * is always one character shorter. - * */ - const size_t n = strftime (start, iso8601::bufsize-1, format, &tmp); + */ + if (strftime (start, iso8601::bufsize-1, format, &tmp) == 0) + { + return std::string (); + } - buf [n+1] = '\0'; + buf [iso8601::bufsize-1] = '\0'; /* Just in case. */ return std::string (buf); } -- 1.7.1