On 2/8/24 01:02, Bruno Haible wrote:

https://codesearch.debian.net/search?q=%5Cb%28as%29%3Fctime%28_r%29%3F%5Cb+*%5B%28%5D+filetype%3Ac+package%3Acpio&literal=0

That URL is a false positive. The code's comment explains why:

  /* Get time values ready to print.  Do not worry about ctime failing,
     or a year outside the range 1000-9999, since 0 <= WHEN < 2**33.  */
  tbuf = ctime (&when);

I wrote that code last year when fixing some integer overflow bugs in GNU cpio <https://bugs.gnu.org/50694>.

The other URLs seem to be mostly true positives, some more serious since a file timestamp out of range can cause undefined behavior.

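The comment in the cpio snippet above compresses two facts: ctime's 26-byte fixed-width output is only guaranteed for four-digit years, and 0 <= WHEN < 2**33 keeps the year at or below 2242, so the call cannot fail. The C below is an added example, not code from GNU cpio, from the message author or from the codesearch hits, that makes those two checks explicit so a caller cannot forget to test for NULL or write a year outside 1000..9999 into a 26-byte buffer. It formats in UTC via gmtime_r (an assumption made for reproducibility; cpio's ctime uses local time), assumes the "C" locale for the weekday and month names, and takes an intmax_t so that out-of-range values can be refused before they are converted to time_t. The function and macro names are the example's own.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for gmtime_r */
#endif
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* ctime()/asctime() produce the fixed 26-byte form "Www Mmm dd hh:mm:ss yyyy\n\0"
   only when the year has four digits; for other years the output can be longer
   or the call can return NULL, which a bare "tbuf = ctime (&when);" must either
   rule out (as cpio does) or check.  */
#define CTIME_BUF 26

/* The bound the cpio comment relies on: 0 <= WHEN < 2**33.
   2**33 seconds after 1970-01-01 falls in March 2242, so every
   timestamp in this range has a four-digit year.  */
bool
ctime_safe_range (intmax_t when)
{
  return 0 <= when && when < ((intmax_t) 1 << 33);
}

/* Format WHEN (seconds since the epoch, interpreted as UTC so the result
   does not depend on TZ) in ctime's layout into BUF, which must hold at
   least CTIME_BUF bytes.  Returns false when WHEN does not fit in time_t,
   when gmtime_r fails (year does not fit in int), or when the year is
   outside 1000..9999 and the fixed width is not guaranteed.  */
bool
format_time_checked (intmax_t when, char *buf, size_t bufsize)
{
  if (bufsize < CTIME_BUF)
    return false;

  /* Converting an out-of-range value to time_t is implementation-defined,
     not undefined; round-tripping detects the loss on a 32-bit time_t.  */
  time_t t = (time_t) when;
  if ((intmax_t) t != when)
    return false;

  struct tm tm;
  if (gmtime_r (&t, &tm) == NULL)
    return false;

  long year = tm.tm_year + 1900L;
  if (year < 1000 || year > 9999)
    return false;

  /* %e is the space-padded day of month, matching ctime's " 1".  The "C"
     locale is assumed so %a/%b give the English abbreviations.  */
  size_t n = strftime (buf, bufsize, "%a %b %e %H:%M:%S %Y\n", &tm);
  return n == CTIME_BUF - 1;
}

int
main (void)
{
  /* Constructed sample inputs: the epoch, one second before it, the last
     second of the 2**33 window, and a year-10000 value that must be refused.  */
  intmax_t samples[] = { 0, -1, ((intmax_t) 1 << 33) - 1, 253402300800 };
  char buf[CTIME_BUF];
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    {
      if (format_time_checked (samples[i], buf, sizeof buf))
        printf ("%20jd  in-range=%d  %s", samples[i],
                ctime_safe_range (samples[i]), buf);
      else
        printf ("%20jd  in-range=%d  (refused)\n", samples[i],
                ctime_safe_range (samples[i]));
    }
  return 0;
}
```

The design point is that the caller receives a bool rather than a pointer it might forget to test: a timestamp read from an archive header is attacker-controlled, so the year check is the place where an out-of-range value is stopped instead of being passed to a formatter whose behaviour outside four-digit years the code does not otherwise reason about.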