From: Dan Albert Date: Tue, 7 Oct 2014 18:07:53 +0000 (-0700) Subject: Use snprintf instead of sprintf. X-Git-Tag: android-x86-7.1-r1~757^2~584^2 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=b0fd55608e707b3e9b5c2937537414be7d098afd;p=android-x86%2Fbionic.git Use snprintf instead of sprintf. At -O0, the attribute warning on sprintf is actually triggered (why doesn't this happen with -Os?!) and promoted to an error by -Werror. asctime64_r() is a non-standard function, but the IBM docs state that the buffer is assumed to be at least 26 characters wide, and the format string does limit to that (assuming a 4 digit year, also defined by the IBM docs). http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.bpxbd00/asctimer.htm Change-Id: I1c884474a769aa16c53e985c3d8d694c478c1189 --- diff --git a/libc/bionic/time64.c b/libc/bionic/time64.c index 95dfab539..da38bf3b6 100644 --- a/libc/bionic/time64.c +++ b/libc/bionic/time64.c @@ -748,10 +748,24 @@ static int valid_tm_mon( const struct TM* date ) { char *asctime64_r( const struct TM* date, char *result ) { /* I figure everything else can be displayed, even hour 25, but if these are out of range we walk off the name arrays */ - if( !valid_tm_wday(date) || !valid_tm_mon(date) ) + if (!valid_tm_wday(date) || !valid_tm_mon(date)) { return NULL; + } + + /* Docs state this function does not support years beyond 9999. */ + if (1900 + date->tm_year > 9999) { + return NULL; + } - sprintf(result, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n", + /* + * The IBM docs for this function state that the result buffer can be + * assumed to be at least 26 bytes wide. The docs also state that this is + * only valid for years <= 9999, so we know this format string will not + * print more than that many characters. + * + * http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.bpxbd00/asctimer.htm + */ + snprintf(result, 26, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n", wday_name[date->tm_wday], mon_name[date->tm_mon], date->tm_mday, date->tm_hour,