
Fix segmentation fault on strftime/1 and strflocaltime/1 #3271


Merged
merged 1 commit into from
Mar 4, 2025
Merged
43 changes: 18 additions & 25 deletions src/builtin.c
Expand Up @@ -8,21 +8,6 @@
#include <sys/time.h>
#include <stdlib.h>
#include <stddef.h>
#ifdef HAVE_ALLOCA_H
# include <alloca.h>
#elif !defined alloca
# ifdef __GNUC__
# define alloca __builtin_alloca
# elif defined _MSC_VER
# include <malloc.h>
# define alloca _alloca
# elif !defined HAVE_ALLOCA
# ifdef __cplusplus
extern "C"
# endif
void *alloca (size_t);
# endif
#endif
#include <assert.h>
#include <ctype.h>
#include <limits.h>
Expand Down Expand Up @@ -1758,16 +1743,16 @@ static jv f_strftime(jq_state *jq, jv a, jv b) {
return ret_error(b, jv_string("strftime/1 requires parsed datetime inputs"));

const char *fmt = jv_string_value(b);
size_t alloced = strlen(fmt) + 100;
char *buf = alloca(alloced);
size_t max_size = strlen(fmt) + 100;
char *buf = jv_mem_alloc(max_size);
#ifdef __APPLE__
/* Apple Libc (as of version 1669.40.2) contains a bug which causes it to
* ignore the `tm.tm_gmtoff` in favor of the global timezone. To print the
* proper timezone offset we temporarily switch the TZ to UTC. */
char *tz = (tz = getenv("TZ")) != NULL ? strdup(tz) : NULL;
setenv("TZ", "UTC", 1);
#endif
size_t n = strftime(buf, alloced, fmt, &tm);
size_t n = strftime(buf, max_size, fmt, &tm);
#ifdef __APPLE__
if (tz) {
setenv("TZ", tz, 1);
Expand All @@ -1778,9 +1763,13 @@ static jv f_strftime(jq_state *jq, jv a, jv b) {
#endif
jv_free(b);
/* POSIX doesn't provide errno values for strftime() failures; weird */
if (n == 0 || n > alloced)
if ((n == 0 && *fmt) || n > max_size) {
Member


Ugg, strftime error handling seems like a mess 😬 so n == 0 might mean error, but we only consider it an error if the format string is not empty? Reading the man page, it seems %p usage might also return 0?

Contributor Author


Yeah, ugly. Hope we can handle the error properly, but it does not set errno. I think using %p only for the format is a very rare use case.

free(buf);
return jv_invalid_with_msg(jv_string("strftime/1: unknown system failure"));
return jv_string(buf);
}
jv ret = jv_string_sized(buf, n);
free(buf);
return ret;
}
#else
static jv f_strftime(jq_state *jq, jv a, jv b) {
Expand All @@ -1803,14 +1792,18 @@ static jv f_strflocaltime(jq_state *jq, jv a, jv b) {
if (!jv2tm(a, &tm, 1))
return ret_error(b, jv_string("strflocaltime/1 requires parsed datetime inputs"));
const char *fmt = jv_string_value(b);
size_t alloced = strlen(fmt) + 100;
char *buf = alloca(alloced);
size_t n = strftime(buf, alloced, fmt, &tm);
size_t max_size = strlen(fmt) + 100;
char *buf = jv_mem_alloc(max_size);
size_t n = strftime(buf, max_size, fmt, &tm);
jv_free(b);
/* POSIX doesn't provide errno values for strftime() failures; weird */
if (n == 0 || n > alloced)
if ((n == 0 && *fmt) || n > max_size) {
free(buf);
return jv_invalid_with_msg(jv_string("strflocaltime/1: unknown system failure"));
return jv_string(buf);
}
jv ret = jv_string_sized(buf, n);
free(buf);
return ret;
}
#else
static jv f_strflocaltime(jq_state *jq, jv a, jv b) {
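Review bot: The `(n == 0 && *fmt) || n > max_size` test in both new error checks treats a result that merely did not fit in `strlen(fmt) + 100` bytes the same as a system failure, so a format whose expansions are much longer than the format itself (repeated `%A`, or a long locale-dependent `%c`) is reported as "unknown system failure" instead of being formatted, while `n > max_size` can never be true because strftime() returns 0 in exactly that case. Since the buffer is now heap-allocated the size can be grown on a zero return and the call retried a bounded number of times before giving up; the same change applies to the f_strftime hunk, where the retry loop has to sit between the `#ifdef __APPLE__` TZ save and restore. The opening lines of f_strflocaltime are outside the hunk. Pairing `jv_mem_alloc` with plain `free` rather than `jv_mem_free` is probably harmless but would read better symmetric.
```c
  const char *fmt = jv_string_value(b);
  size_t max_size = strlen(fmt) + 100;
  char *buf = jv_mem_alloc(max_size);
  size_t n = strftime(buf, max_size, fmt, &tm);
  /* strftime() returns 0 both for an empty result and for "did not fit";
   * grow the buffer a bounded number of times (4 is a constructed cap) before
   * treating 0 as a failure. */
  for (int attempt = 0; n == 0 && *fmt && attempt < 4; attempt++) {
    free(buf);
    max_size *= 2;
    buf = jv_mem_alloc(max_size);
    n = strftime(buf, max_size, fmt, &tm);
  }
  jv_free(b);
  // … unchanged: error check, jv_string_sized, free, return …
```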