From 0572555dab1d1e10b5f7351a005ec588cab41e25 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Sun, 22 Mar 2026 21:32:35 -0400 Subject: fix incorrect access to tzname[] by strptime %Z conversion specifier there are three issues here: 1. if tzset has not been called (explicitly or implicitly), the tzname[] array will contain null pointers, and the dereference to compare against them has undefined behavior (and will fault). 2. access to tzname[] was performed without the timezone lock held. this resulted in a data race if the timezone is concurrently changed from another thread. 3. due to unintended signedness of the types, the open-coded isalpha in the non-matching case was wrong and would continue past null termination. to fix the first two issues, the body of the %Z conversion is moved to __tz.c where it has access to locking, and null checks are added. there is probably an argument to be made that the equivalent of tzset should happen here, but POSIX does not specify that to happen, so in the absence of an interpretation adding such an allowance or requirement, it is not done. the third issue is fixed just by using the existing isalpha macro. --- src/time/__tz.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'src/time/__tz.c') diff --git a/src/time/__tz.c b/src/time/__tz.c index 54ed4cf6..cfce268e 100644 --- a/src/time/__tz.c +++ b/src/time/__tz.c @@ -436,3 +436,22 @@ const char *__tm_to_tzname(const struct tm *tm) UNLOCK(lock); return p; } + +int __tzname_to_isdst(const char *restrict *s) +{ + size_t len; + int isdst = -1; + LOCK(lock); + if (tzname[0] && !strncmp(*s, tzname[0], len = strlen(tzname[0]))) { + isdst = 0; + *s += len; + } else if (tzname[1] && !strncmp(*s, tzname[1], len=strlen(tzname[1]))) { + isdst = 1; + *s += len; + } else { + /* FIXME: is this supposed to be an error? */ + while (isalpha(**s)) ++*s; + } + UNLOCK(lock); + return isdst; +} -- cgit v1.2.1