Possible infinite loop in ponyint_formattime #4446

Open
SeanTAllen opened this issue Sep 17, 2023 · 0 comments
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@SeanTAllen
Member

This is an unlikely bug.

ponyint_formattime uses strftime to format a date. We don't know how big of a string we will need, so we allocate 64 bytes and try. If we succeed, we are done. If we get back 0 then we assume that we failed because the string wasn't big enough, allocate a bigger one and try again.

In some locales %p and %P result in no output so if they were the only bit of a format string, then 0 would be ok. We have code at the start of ponyint_formattime to detect this case:

  // Bail out on strftime formats that can produce a zero-length string.
  if((fmt[0] == '\0') || !strcmp(fmt, "%p") || !strcmp(fmt, "%P"))
  {
    buffer = (char*)pony_alloc(ctx, 1);
    buffer[0] = '\0';
    return buffer;
  }

However, that check is incomplete. It assumes that no one would do something like "%p%P" or "%p%p%p%p" etc.

We need to update our checks so that, if we have a string that starts with %p or %P and contains only those format characters, we return an empty string and do not proceed to using strftime.

SeanTAllen added the help wanted, bug, and good first issue labels Sep 17, 2023
ponylang-main added the discuss during sync label Sep 17, 2023
SeanTAllen removed the discuss during sync label Sep 19, 2023
SeanTAllen removed the bug label Jan 22, 2025
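
One way to write the check the issue asks for, as an added example that is not part of the original issue or the Pony runtime. `fmt_may_be_empty` and `format_time` are hypothetical names, `malloc` stands in for `pony_alloc`, and the `max_len` cap on the retry loop is an assumption added here.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

// Hypothetical helper, not Pony runtime code: true when fmt is empty or is
// made up solely of "%p"/"%P" specifiers, which some locales expand to "".
static bool fmt_may_be_empty(const char* fmt)
{
  while(*fmt != '\0')
  {
    // Anything other than a complete "%p" or "%P" pair disqualifies fmt.
    if((fmt[0] != '%') || ((fmt[1] != 'p') && (fmt[1] != 'P')))
      return false;
    fmt += 2;
  }
  return true;
}

// Stand-in for the grow-and-retry loop described in the issue. malloc
// replaces pony_alloc; max_len is an assumed cap that bounds the loop.
static char* format_time(const struct tm* tm, const char* fmt, size_t max_len)
{
  if(fmt_may_be_empty(fmt))
    return calloc(1, 1); // empty string, strftime is never called

  for(size_t len = 64; len <= max_len; len *= 2)
  {
    char* buf = malloc(len);
    if(buf == NULL) return NULL;
    if(strftime(buf, len, fmt, tm) != 0) return buf;
    free(buf);
  }
  return NULL; // gave up instead of growing forever
}

int main(void)
{
  struct tm tm = {0};
  tm.tm_year = 123; // constructed sample date: 1 Jan 2023
  tm.tm_mday = 1;
  char* s = format_time(&tm, "%p%p%p%p", 4096);
  printf("[%s]\n", s ? s : "(null)");
  free(s);
  return 0;
}
```

As with the existing `"%p"` guard, a format made only of these specifiers returns an empty string even in locales where they would produce output.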