From: <ps...@us...> - 2009-02-24 15:52:46
|
Revision: 1394 http://znc.svn.sourceforge.net/znc/?rev=1394&view=rev Author: psychon Date: 2009-02-24 15:52:43 +0000 (Tue, 24 Feb 2009) Log Message: ----------- Check the return value of strftime() strftime() returns zero for errors and the state of the buffer we passed to it is undefined in this case. This lead to a non-null-terminated string being used. The impact of this bug should be low, no writing was done and you were only able to get a partial stack dump. A crash through this is quite unlikely. Thanks to cnu for finding and reporting this. Modified Paths: -------------- trunk/User.cpp Modified: trunk/User.cpp =================================================================== --- trunk/User.cpp 2009-02-24 14:55:44 UTC (rev 1393) +++ trunk/User.cpp 2009-02-24 15:52:43 UTC (rev 1394) @@ -171,9 +171,13 @@ } else { time(&tm); tm += (time_t)(m_fTimezoneOffset * 60 * 60); // offset is in hours - strftime(szTimestamp, sizeof(szTimestamp) / sizeof(char), GetTimestampFormat().c_str(), localtime(&tm)); + size_t i = strftime(szTimestamp, sizeof(szTimestamp), GetTimestampFormat().c_str(), localtime(&tm)); + if (i != 0) { + sRet = sStr; + } else { + sRet.clear(); + } - sRet = sStr; if (m_bPrependTimestamp) { sRet = szTimestamp; sRet += " " + sStr; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |