"Roy T. Fielding" <[EMAIL PROTECTED]> writes:

>> Is the function supposed to validate its input? If the user supplies
>> a large, positive or negative, value for xt->tm_year then the
>> calculation may overflow. If the user supplies an xt->tm_mon outside
>> the range 0-11 the function will read arbitrary memory.
>
> How is the "user" going to do that? Do you mean the API caller?

Yes, I meant the API caller.

> They could just as easily read arbitrary memory on their own.

I was concerned about the potential for the read to cause a SEGV.

> AFAIK, none of the APR routines do input validation, though it
> might be good if they provided a single call to validate the
> tm structure.

Should all the checks that return APR_EBADDATE be removed if the
function is supposed to assume valid input? It doesn't seem useful
for the function to trap only a subset of the invalid inputs, and to
do it only after an operation that could SEGV.

-- 
Philip Martin
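The ordering discussed in this message, as an added example that is not part of the original e-mail and is not APR's code: a single validation call runs before `tm_mon` is used as a table index and before `tm_year` enters any multiplication. The names `exp_time`, `exp_time_validate`, `exp_time_implode`, `EX_EBADDATE` and the year bound are assumptions made for illustration.

```c
#include <stdint.h>

/* Hypothetical stand-ins for this example; not APR's types or codes. */
typedef struct {
    int tm_usec, tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year;
} exp_time;
enum { EX_OK = 0, EX_EBADDATE = -1 };

static int leap(int64_t y) { return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0; }

/* Range-check every field before it is used as an index or multiplied. */
int exp_time_validate(const exp_time *xt)
{
    static const int mdays[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int dim;

    if (xt->tm_mon < 0 || xt->tm_mon > 11)
        return EX_EBADDATE;               /* must precede any table lookup */
    /* Assumed bound: 1970 onward, small enough for int64 microseconds. */
    if (xt->tm_year < 70 || xt->tm_year > 290000)
        return EX_EBADDATE;
    dim = mdays[xt->tm_mon];
    if (xt->tm_mon == 1 && leap((int64_t)xt->tm_year + 1900))
        dim++;
    if (xt->tm_mday < 1 || xt->tm_mday > dim)
        return EX_EBADDATE;
    if (xt->tm_hour < 0 || xt->tm_hour > 23 || xt->tm_min < 0 || xt->tm_min > 59 ||
        xt->tm_sec < 0 || xt->tm_sec > 60 ||   /* 60 allows a leap second */
        xt->tm_usec < 0 || xt->tm_usec > 999999)
        return EX_EBADDATE;
    return EX_OK;
}

/* Convert to microseconds since 1970-01-01 UTC, validating first. */
int exp_time_implode(int64_t *out, const exp_time *xt)
{
    static const int before[12] = {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
    int64_t y, days;

    if (exp_time_validate(xt) != EX_OK)
        return EX_EBADDATE;
    y = (int64_t)xt->tm_year + 1900;
    /* Leap days counted through year y-1, relative to the 477 before 1970. */
    days = (y - 1970) * 365 + ((y - 1) / 4 - (y - 1) / 100 + (y - 1) / 400) - 477;
    days += before[xt->tm_mon] + (xt->tm_mon > 1 && leap(y)) + xt->tm_mday - 1;
    *out = ((days * 24 + xt->tm_hour) * 60 + xt->tm_min) * 60 + xt->tm_sec;
    *out = *out * 1000000 + xt->tm_usec;
    return EX_OK;
}
```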
