http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47802
--- Comment #9 from Jeffrey A. Law <law at redhat dot com> 2011-02-21 18:49:02 UTC ---

On 02/21/11 10:41, jakub at gcc dot gnu.org wrote:
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47802
>
> Jakub Jelinek <jakub at gcc dot gnu.org> changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                  CC|                            |jakub at gcc dot gnu.org
>
> --- Comment #7 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-02-21 17:41:20 UTC ---
> Well, we don't want to use ctime because it is not thread-safe.

Right.

> glibc ctime_r implementation should be safe if the passed buffer is at least 26
> bytes long, it calls internally asctime, which is:

I'm aware that glibc's variant is safe from bogus input causing a buffer overrun. The problem is not every vendor's implementation is safe with regards to buffer overruns due to bogus input. Furthermore, I don't think any of the implementations are safe if the user supplied buffer is less than 26 bytes. So if an idiot programmer called ctime_r with too small a buffer, then we've got a buffer overrun and a vector for a security attack.

jeff
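
An added example, not part of the original comment and not GCC or glibc code: a length-aware alternative to ctime_r built on gmtime_r and strftime, which fails cleanly in both cases raised above (a buffer shorter than 26 bytes, and an out-of-range time whose text no longer fits in 26 bytes). The name `bounded_ctime` and the sample values are hypothetical; the code assumes a 64-bit time_t and the default C locale.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <time.h>

/* Hypothetical helper, not GCC or glibc code: formats t like ctime_r
   ("Thu Jan  1 00:00:00 1970\n") but takes the buffer length and fails
   instead of writing past it. Uses UTC (gmtime_r) so output is
   reproducible; use localtime_r for ctime-style local time.
   Returns the number of characters written, or -1 on failure. */
int bounded_ctime(time_t t, char *buf, size_t len)
{
    struct tm tm;
    size_t n;

    if (buf == NULL || len == 0)
        return -1;
    buf[0] = '\0';
    if (gmtime_r(&t, &tm) == NULL)      /* year does not fit in struct tm */
        return -1;
    /* strftime writes at most len bytes and returns 0 if the text plus
       its NUL does not fit; the buffer contents are then unspecified. */
    n = strftime(buf, len, "%a %b %e %H:%M:%S %Y\n", &tm);
    if (n == 0) {
        buf[0] = '\0';
        return -1;
    }
    return (int)n;
}

int main(void)
{
    char ok[26], small[16], wide[32];
    /* Constructed input: first second of year 10000 (assumes 64-bit
       time_t). Its text is 26 characters, one more than ctime's 25. */
    time_t y10k = (time_t)253402300800LL;

    printf("%d\n", bounded_ctime(0, ok, sizeof ok));        /* 25 */
    printf("%d\n", bounded_ctime(0, small, sizeof small));  /* -1 */
    printf("%d\n", bounded_ctime(y10k, ok, sizeof ok));     /* -1 */
    printf("%d %s", bounded_ctime(y10k, wide, sizeof wide), wide);
    return 0;
}
```
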