Possible infinite loop in ponyint_formattime
SeanTAllen opened this issue · 0 comments
This is an unlikely bug.
`ponyint_formattime` uses `strftime` to format a date. We don't know how big a string we will need, so we allocate 64 bytes and try. If we succeed, we are done. If we get back 0, then we assume that we failed because the buffer wasn't big enough, allocate a bigger one and try again.
In some locales `%p` and `%P` result in no output, so if they were the only part of a format string, then 0 would be OK. We have code at the start of `ponyint_formattime` to detect this case:
```c
// Bail out on strftime formats that can produce a zero-length string.
if((fmt[0] == '\0') || !strcmp(fmt, "%p") || !strcmp(fmt, "%P"))
{
  buffer = (char*)pony_alloc(ctx, 1);
  buffer[0] = '\0';
  return buffer;
}
```
However, that check is incomplete. It assumes that no one would do something like `"%p%P"` or `"%p%p%p%p"` etc., where every conversion can produce no output and `strftime` correctly returns 0, yet the retry loop keeps growing the buffer and never succeeds.

We need to update our checks so that if we have a string that starts with `%p` or `%P` and contains only those format characters, we return an empty string and do not proceed to using `strftime`.
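As an added illustration (not code from the Pony runtime), here is the stricter check the issue asks for, next to a grow-and-retry `strftime` wrapper that uses it and also caps buffer growth so a format that always yields 0 cannot spin forever; the function names and the sample timestamp are assumptions:

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/* True when fmt is empty or is made up only of %p / %P conversions: the
 * one case where strftime may legitimately return 0 (locale-dependent),
 * so 0 must not be read as "buffer too small". */
bool fmt_only_ampm(const char* fmt)
{
  for(size_t i = 0; fmt[i] != '\0'; i += 2)
    if(fmt[i] != '%' || (fmt[i + 1] != 'p' && fmt[i + 1] != 'P'))
      return false;
  return true;
}
/* Grow-and-retry strftime wrapper. Returns a malloc'd string (caller frees)
 * or NULL; the size cap keeps a pathological format from looping forever. */
char* format_time(const char* fmt, const struct tm* tm)
{
  if(fmt_only_ampm(fmt))
  {
    char* empty = malloc(1);
    if(empty != NULL) empty[0] = '\0';
    return empty;
  }
  for(size_t size = 64; size <= 4096; size *= 2)
  {
    char* buffer = malloc(size);
    if(buffer == NULL) return NULL;
    if(strftime(buffer, size, fmt, tm) > 0) return buffer; /* it fit */
    free(buffer); /* 0 here means too small: grow and retry */
  }
  return NULL;
}
/* Constructed sample timestamp, 2024-01-15 13:05 (not taken from the page). */
struct tm sample_tm(void)
{
  struct tm t;
  memset(&t, 0, sizeof t);
  t.tm_year = 124; t.tm_mon = 0; t.tm_mday = 15; t.tm_hour = 13; t.tm_min = 5;
  return t;
}
int main(void)
{
  struct tm t = sample_tm();
  char* s = format_time("%Y-%m-%d %H:%M", &t);
  printf("[%s] only_ampm(\"%%p%%P\") = %d\n", s ? s : "(null)", fmt_only_ampm("%p%P"));
  free(s); return 0;
}
```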