commit - 10f7109c7e5c4cdf3339876e2ff150a19a36b308
commit + 9a72c36fc4346aa318610b3e5d206698f8f4e0bf
blob - /dev/null
blob + 104e22ca52d68a1c5d5e1833ecdacf06b638af85 (mode 644)
--- /dev/null
+++ changelogs/unreleased/gh-8502-fix-buffer-overflow-in-tnt_strptime.md
+## bugfix/datetime
+
+* Fixed a bug with buffer overflow in tnt_strptime (gh-8502).
blob - b208e2b965aa4df2dd3753c855237445297e1d4f
blob + 4cc4351fc9ff8b0523bfe504aaacb9b370638ad2
--- src/lib/tzcode/strptime.c
+++ src/lib/tzcode/strptime.c
c = *ptr++;
if (c != '%') {
- if (isspace((u_char)c))
+ /* Eat up white-space in buffer and in format. */
+ if (isspace((u_char)c)) {
while (*buf != 0 && isspace((u_char)*buf))
buf++;
+ }
else if (c != *buf++)
return NULL;
continue;
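Review bot: The added comment says white-space is eaten "in buffer and in format", but the lines visible in this hunk only advance `buf`; each white-space character in the format is still consumed one at a time by the enclosing loop, whose start is outside the hunk. A wording such as `/* A white-space character in the format matches any run of white-space in the buffer, including none. */` describes what the code does and stops a reader looking for a second skip loop. As a style point, now that the first arm is braced, the `else` would read better as `} else if (c != *buf++) {` with its own closing brace.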
if ((flags & (FLAG_YEAR | FLAG_YDAY)) == (FLAG_YEAR | FLAG_YDAY)) {
if (!(flags & FLAG_MONTH)) {
i = 0;
- while (tm->tm_yday >=
- start_of_month[isleap(tm->tm_year +
- TM_YEAR_BASE)][i])
+ while (i <= 12 &&
+ tm->tm_yday >=
+ start_of_month[isleap(tm->tm_year +
+ TM_YEAR_BASE)][i])
i++;
if (i > 12) {
i = 1;
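Review bot: The new guard `i <= 12` is correctly evaluated before the table lookup, but the literal 12 is not tied to the size of `start_of_month`, whose declaration is outside this hunk. If each row has 13 entries, as the following `if (i > 12)` suggests, deriving the bound from the array keeps the guard from drifting away from the table, e.g. `while (i < (int)(sizeof(start_of_month[0]) / sizeof(start_of_month[0][0])) && tm->tm_yday >= ...)`. A short comment such as `/* tm_yday comes from parsed input and can be past the last table entry; never index beyond the row. */` would record why the bound is there. The `if (i > 12)` block continues past the end of the hunk, so how the out-of-range case is handled afterwards is not visible here.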