NetBSD Problem Report #39392
From christianbiere@gmx.de Fri Aug 22 17:34:51 2008
Return-Path: <christianbiere@gmx.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 26CA163B11D
for <gnats-bugs@gnats.NetBSD.org>; Fri, 22 Aug 2008 17:34:51 +0000 (UTC)
Message-Id: <20080822173540.GA25708@cyclonus>
Date: Fri, 22 Aug 2008 19:35:40 +0200
From: Christian Biere <christianbiere@gmx.de>
To: gnats-bugs@gnats.NetBSD.org
Subject: Document that strftime() is broken by design
X-Send-Pr-Version: 3.95
>Number: 39392
>Category: lib
>Synopsis: Document that strftime() is broken by design
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: lib-bug-people
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Aug 22 17:35:00 +0000 2008
>Closed-Date: Mon Nov 22 04:46:25 +0000 2010
>Last-Modified: Mon Nov 22 04:46:25 +0000 2010
>Originator: Christian Biere
>Release: NetBSD 4.99.68
>Organization:
>Environment:
System: NetBSD cyclonus 4.99.68 NetBSD 4.99.68 (G3N3R1C) #6: Tue Jul 1 10:36:25 CEST 2008 src@cyclonus:/quark/NetBSD/obj/quark/NetBSD/src/sys/arch/i386/compile/G3N3R1C i386
Architecture: i386
Machine: i386
>Description:
strftime() is inherently broken by design due the way it indicates
errors as specified by POSIX. As it returns 0 on error, the error
indicator overlaps with successful operation, namely when the format
gains an empty string. This can, for example, happen by passing an
empty string as format specifier or using "%p" in a locale in which
there are no AM/PM equivalents. Furthermore, POSIX declares the content
of the destination buffer as indeterminate if 0 is returned. That means
accessing the buffer causes undefined behavior. Relying on errno is not
portable because the specification does not mention it. Hence there's no
way to differ between success and error in this case.
>How-To-Repeat:
$ date +
date: Cannot allocate format buffer: Cannot allocate memory
$ date +%p # In a locale without AM/PM equivalents
date: Cannot allocate format buffer: Cannot allocate memory
FWIIW, on FreeBSD there are no such error messages because /bin/date
simply ignores the return value of strftime().
>Fix:
It's not possible to fix this because it's broken by design.
The BUGS section of strftime(3) should be extended by a hint:
A return value of zero does not necessarily indicate an error. If
the resulting string is the empty string, the result value is
zero and it is not possible to differ between success and error.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: jruoho@NetBSD.org
State-Changed-When: Thu, 29 Apr 2010 10:04:41 +0000
State-Changed-Why:
A note was added to the BUGS section. Thanks!
From: Jukka Ruohonen <jruoho@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39392 CVS commit: src/lib/libc/time
Date: Thu, 29 Apr 2010 10:03:12 +0000
Module Name: src
Committed By: jruoho
Date: Thu Apr 29 10:03:12 UTC 2010
Modified Files:
src/lib/libc/time: strftime.3
Log Message:
Note the ambiguity of the return value in the BUGS section.
From Christian Biere <christianbiere@gmx.de> in PR #39392.
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/lib/libc/time/strftime.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Robert Elz <kre@munnari.OZ.AU>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: lib/39392 (Document that strftime() is broken by design)
Date: Tue, 04 May 2010 18:02:04 +0700
Just for the sake of the PR (and in case anyone else ever looks here),
note that the workaround for this problem is trivial - it is absurdly
simple to make sure that the result cannot be empty (in cases of no
error) and simply deal with it... Maybe the man page should mention
this as well, or perhaps not.
That is, using the %p example given,
n = strftime(buf, sizeof buf, " %p", tmp);
if (n == 0) {
/* certainly an error */
}
p_length = n - 1;
p_value = buf + 1;
Another PR might be reasonable for date(1) to make it use this kind of
workaround instead of issuing spurious error messages (for "date" rather
that copying stuff and inserting leading spaces, just leave the command
line '+' in the string passed to strftime, then delete it from the result
before printing).
A patch to fix date is appended, in case it is useful for anyone. This
is against date.c version 1.50 (which is what I happened to have lying
around) - if that's not what's in current, adapting this should be trivial.
kre
--- date.c.ORIG 2010-05-04 17:57:45.000000000 +0700
+++ date.c 2010-05-04 17:56:44.000000000 +0700
@@ -118,11 +118,11 @@
if (!rflag && time(&tval) == -1)
err(EXIT_FAILURE, "time");
- format = "%a %b %e %H:%M:%S %Z %Y";
+ format = "+%a %b %e %H:%M:%S %Z %Y";
/* allow the operands in any order */
if (*argv && **argv == '+') {
- format = *argv + 1;
+ format = *argv;
++argv;
}
@@ -132,14 +132,14 @@
}
if (*argv && **argv == '+')
- format = *argv + 1;
+ format = *argv;
if ((buf = malloc(bufsiz = 1024)) == NULL)
goto bad;
while (strftime(buf, bufsiz, format, localtime(&tval)) == 0)
if ((buf = realloc(buf, bufsiz <<= 1)) == NULL)
goto bad;
- (void)printf("%s\n", buf);
+ (void)printf("%s\n", buf + 1);
free(buf);
return 0;
bad:
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39392 CVS commit: src/lib/libc/time
Date: Sat, 29 May 2010 20:32:18 +0000
Module Name: src
Committed By: dholland
Date: Sat May 29 20:32:18 UTC 2010
Modified Files:
src/lib/libc/time: strftime.3
Log Message:
Note briefly how to avoid the problem where 0 can be a valid successful
return as well as an error. Suggested by Robert Elz in follow up to PR 39392.
To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/lib/libc/time/strftime.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39392 CVS commit: src/bin/date
Date: Sat, 29 May 2010 20:41:58 +0000
Module Name: src
Committed By: dholland
Date: Sat May 29 20:41:58 UTC 2010
Modified Files:
src/bin/date: date.c
Log Message:
Don't blow up on date +''. Patch from Robert Elz in followup to PR 39392.
To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/bin/date/date.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: closed->pending-pullups
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 30 May 2010 01:22:43 +0000
State-Changed-Why:
pullup-5 #1411 and pullup-4 #1396 for the date fix.
(which should really have been its own PR I guess but oh well)
From: Jeff Rizzo <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39392 CVS commit: [netbsd-4] src/bin/date
Date: Sun, 13 Jun 2010 18:14:53 +0000
Module Name: src
Committed By: riz
Date: Sun Jun 13 18:14:53 UTC 2010
Modified Files:
src/bin/date [netbsd-4]: date.c
Log Message:
Pull up following revision(s) (requested by dholland in ticket #1396):
bin/date/date.c: revision 1.53
Don't blow up on date +''. Patch from Robert Elz in followup to PR 39392.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.49.2.1 src/bin/date/date.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Jeff Rizzo" <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/39392 CVS commit: [netbsd-5] src/bin/date
Date: Sun, 21 Nov 2010 17:26:37 +0000
Module Name: src
Committed By: riz
Date: Sun Nov 21 17:26:36 UTC 2010
Modified Files:
src/bin/date [netbsd-5]: date.c
Log Message:
Pull up following revision(s) (requested by dholland in ticket #1411):
bin/date/date.c: revision 1.53
Don't blow up on date +''. Patch from Robert Elz in followup to PR 39392.
To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.52.4.1 src/bin/date/date.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 22 Nov 2010 04:46:25 +0000
State-Changed-Why:
date fix is now in all supported branches, so this can be closed again.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home