From 4a16ddf53e7c634169d0a649782f8a724611f263 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Mon, 12 Feb 2024 17:35:48 -0500 Subject: strftime: fix breakage in last change (uninitialized pointer access) commit f47a5d400b8ffa26cfc5b345dbff52fec94ac7f3 overlooked that strtoul was responsible for setting p to a const-laundered copy of the format string pointer f, even in the case where there was no number to parse. by making the call conditional on isdigit, that copy was lost. the logic here is a mess and should be cleaned up, but for now, this seems to be the least invasive change that undoes the breakage. --- src/time/strftime.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/time/strftime.c b/src/time/strftime.c index ef590903..c40246db 100644 --- a/src/time/strftime.c +++ b/src/time/strftime.c @@ -234,7 +234,12 @@ size_t __strftime_l(char *restrict s, size_t n, const char *restrict f, const st pad = 0; if (*f == '-' || *f == '_' || *f == '0') pad = *f++; if ((plus = (*f == '+'))) f++; - width = isdigit(*f) ? strtoul(f, &p, 10) : 0; + if (isdigit(*f)) { + width = strtoul(f, &p, 10); + } else { + width = 0; + p = (void *)f; + } if (*p == 'C' || *p == 'F' || *p == 'G' || *p == 'Y') { if (!width && p!=f) width = 1; } else { -- cgit v1.2.1