commit b7c76babfbceb92220d0a53a6e43e1622e2058f7
parent b8979423964260482e4fa1e953e4579c2c019437
Author: Chris Bracken <chris@bracken.jp>
Date: Mon, 17 Nov 2025 20:41:16 +0900
Prevent int overflow in print_time
If a timezone_offset of more than 24 hours (1440 minutes, in either
direction) is passed in, it's almost certainly incorrect. Print a warning
instead of outputting the formatted time, in order to avoid int overflow
in the minutes-to-seconds multiplication.
Diffstat:
2 files changed, 23 insertions(+), 0 deletions(-)
diff --git a/format.c b/format.c
@@ -6,6 +6,11 @@
#include <time.h>
void print_time(FILE* out, time_t time, int timezone_offset) {
+ // Reject any offset > 24 hours.
+ if (timezone_offset < -1440 || timezone_offset > 1440) {
+ warnx("invalid timezone offset: %d", timezone_offset);
+ return;
+ }
time_t local_time = time + (timezone_offset * 60);
struct tm* time_in = gmtime(&local_time);
if (!time_in) {
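Review bot: The new range check bounds `timezone_offset * 60` to ±86400 so the int multiplication can no longer overflow, but the addition on the next line, `time + (timezone_offset * 60)`, is still signed arithmetic on `time_t` and can overflow when `time` lies within a day of the type's limit; gmtime() returning NULL is checked afterwards, yet the overflow itself happens first, so if untrusted timestamps can reach this function it is worth guarding with a comparison before adding (e.g. reject when `time > TIME_MAX - 86400`, using whatever maximum the project defines for time_t). Two smaller points: `warnx()` comes from `<err.h>`, which is not among the includes visible in this hunk — confirm it is included earlier in the file, and note it is a BSD/glibc extension rather than standard C. The bound 1440 appears twice as a magic number; a named constant such as `enum { MAX_TZ_OFFSET_MINUTES = 24 * 60 };` would document the unit and keep the comment `// Reject any offset beyond +/-24 hours (1440 minutes); real offsets are within -12:00..+14:00.` honest about what is accepted. The body of print_time continues past the end of the hunk, so I cannot see whether the existing `!time_in` path reports errors the same way as the new early return.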
diff --git a/format_tests.c b/format_tests.c
@@ -60,6 +60,24 @@ UTEST(print_time, ZeroOffset) {
free(buf);
}
+UTEST(print_time, IllegalOffset) {
+ char* buf = NULL;
+ size_t size = 0;
+ FILE* out = open_memstream(&buf, &size);
+ ASSERT_NE(NULL, out);
+
+ /* Test time: 2023-12-08 10:30:00 UTC */
+ time_t test_time = 1702031400;
+ int timezone_offset = 1441; /* 24 hours + 1 minute */
+
+ print_time(out, test_time, timezone_offset);
+ fclose(out);
+
+ EXPECT_STREQ("", buf);
+
+ free(buf);
+}
+
UTEST(print_time_z, Basic) {
char* buf = NULL;
size_t size = 0;