#3880: integer overflow in date.c (mutt_mktime)
-----------------------+----------------------
Reporter: vinc17 | Owner: mutt-dev
Type: defect | Status: new
Priority: critical | Milestone:
Component: mutt | Version: 1.7.0
Resolution: | Keywords:
-----------------------+----------------------
Comment (by kevin8t8):
I'm trying to add this patch, but it is still giving the integer overflow
error.
Adding in some debugging, it looks like TM_YEAR_MAX is coming out as
291672108984 on my platform (amd64).
Patch as I entered it is:
{{{
diff --git a/date.c b/date.c
--- a/date.c
+++ b/date.c
@@ -58,26 +58,34 @@
t = time (NULL);
ptm = gmtime (&t);
/* need to make a copy because gmtime/localtime return a pointer to
static memory (grr!) */
memcpy (&utc, ptm, sizeof (utc));
return (compute_tz (t, &utc));
}
+/* theoretically time_t can be float but it is integer on most (if not
all) systems */
+#define TIME_T_MAX ((((time_t) 1 << (sizeof(time_t) * 8 - 2)) - 1) * 2 +
1)
+#define TM_YEAR_MAX (1970 + (((((TIME_T_MAX - 59) / 60) - 59) / 60) - 23)
/ 24 / 366)
+
/* converts struct tm to time_t, but does not take the local timezone
into
account unless ``local'' is nonzero */
time_t mutt_mktime (struct tm *t, int local)
{
time_t g;
static const int AccumDaysPerMonth[12] = {
0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
};
+ /* Prevent an integer overflow */
+ if(t->tm_year > TM_YEAR_MAX)
+ return TIME_T_MAX;
+
/* Compute the number of days since January 1 in the same year */
g = AccumDaysPerMonth [t->tm_mon % 12];
/* The leap years are 1972 and every 4. year until 2096,
* but this algorithm will fail after year 2099 */
g += t->tm_mday;
if ((t->tm_year % 4) || t->tm_mon < 2)
g--;
}}}
Did I do something wrong, or is the computation not correct?
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3880#comment:13>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
