Blame SOURCES/coreutils-8.22-date-emptyTZ.patch

e7e4d7
From a10acfb1d2118f9a180181d3fed5399dbbe1df3c Mon Sep 17 00:00:00 2001
e7e4d7
From: Pádraig Brady <P@draigBrady.com>
e7e4d7
Date: Tue, 25 Feb 2014 10:58:48 +0000
e7e4d7
Subject: parse-datetime: fix crash or infloop in TZ="" parsing
e7e4d7
e7e4d7
This was reported in http://bugs.gnu.org/16872
e7e4d7
from the coreutils command: date -d 'TZ="""'
e7e4d7
e7e4d7
The infinite loop for this case was present since the
e7e4d7
initial TZ="" parsing support in commit de95bdc2 29-10-2004.
e7e4d7
This was changed to a crash or heap corruption depending
e7e4d7
on the platform with commit 2e3e4195 18-01-2010.
e7e4d7
e7e4d7
* lib/parse-datetime.y (parse_datetime): Break out of the
e7e4d7
TZ="" parsing loop once the second significant " is found.
e7e4d7
Also skip over any subsequent whitespace to be consistent
e7e4d7
with the non TZ= case.
e7e4d7
---
e7e4d7
diff --git a/lib/parse-datetime.y b/lib/parse-datetime.y
e7e4d7
index 6ece765..0ba0a52 100644
e7e4d7
--- a/lib/parse-datetime.y
e7e4d7
+++ b/lib/parse-datetime.y
e7e4d7
@@ -1303,8 +1303,6 @@ parse_datetime (struct timespec *result, char const *p,
e7e4d7
             char tz1buf[TZBUFSIZE];
e7e4d7
             bool large_tz = TZBUFSIZE < tzsize;
e7e4d7
             bool setenv_ok;
e7e4d7
-            /* Free tz0, in case this is the 2nd or subsequent time through. */
e7e4d7
-            free (tz0);
e7e4d7
             tz0 = get_tz (tz0buf);
e7e4d7
             z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
e7e4d7
             for (s = tzbase; *s != '"'; s++)
e7e4d7
@@ -1316,7 +1314,12 @@ parse_datetime (struct timespec *result, char const *p,
e7e4d7
             if (!setenv_ok)
e7e4d7
               goto fail;
e7e4d7
             tz_was_altered = true;
e7e4d7
+
e7e4d7
             p = s + 1;
e7e4d7
+            while (c = *p, c_isspace (c))
e7e4d7
+              p++;
e7e4d7
+
e7e4d7
+            break;
e7e4d7
           }
e7e4d7
     }
e7e4d7
 
e7e4d7
--
e7e4d7
cgit v0.9.0.2