version: gnuplot 6.1 last modified 2025-03-05
system: ubuntu 22.04
use this command to reproduce: valgrind gnuplot poc
message from valgrind:
==1559678== Memcheck, a memory error detector
==1559678== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1559678== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==1559678== Command: ./gnuplot ./fuzzer02/crashes/id:000011,sig:11,src:014670,op:havoc,rep:2
==1559678==
se
mo
mo''e
mo
3o
^
==1559678== Conditional jump or move depends on uninitialised value(s)
==1559678== at 0x4D23AD6: __vfprintf_internal (vfprintf-internal.c:1516)
==1559678== by 0x4D35499: __vsnprintf_internal (vsnprintf.c:114)
==1559678== by 0x4DE1B34: __snprintf_chk (snprintf_chk.c:38)
==1559678== by 0x581DF9: snprintf (stdio2.h:71)
==1559678== by 0x581DF9: xstrftime (time.c:742)
==1559678== by 0x58472E: gstrftime (time.c:459)
==1559678== by 0x345580: xDateTimeFormat (mouse.c:638)
==1559678== by 0x34EA9C: GetAnnotateString.constprop.0 (mouse.c:549)
Did you actually trigger a segfault on this one? All I get is a warning like the one printed in your valgrind output "Conditional jump or move depends on uninitialised value(s)". The program issues a warning that the time value is out of range and continues with no harmful side effects that I know of. The warning could be made into a fatal error instead, but then you could get program failure on a single bad data value rather than just a warning and maybe a mangled time string somewhere. I wouldn't consider that a fix or an improvement over the current behaviour.
On the other hand, the fact that your reproducer manages to trigger the warning from a routine in the mousing code even though the current terminal has no mouse support - now that indicates a more serious problem than the complaint about an invalid time value. Fixed for 6.0 and 6.1 by reverting a poorly thought out change that added dummy mousing routines to non-mousing terminals.