From patchwork Wed Feb 18 10:46:08 2015
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 5159
Message-ID: <54E46D70.7000601@redhat.com>
Date: Wed, 18 Feb 2015 11:46:08 +0100
From: Florian Weimer
To: Paul Eggert, GNU C Library
Subject: Re: [PATCH v3] tzset robustness [BZ#17715]

On 02/16/2015 11:51 PM, Paul Eggert wrote:
> Florian Weimer wrote:
>> So I'm not sure what to do here. Get rid of the alloca? That's going
>> to be more difficult to review.
>
> I haven't read the code carefully, but if the only reason for the alloca
> is to have a temporary string that one can munge by storing '\0' bytes
> at strategic locations, then I presume that one could rewrite the code
> to avoid the need to make a temporary copy,

Indeed. I introduced __tzstring_len to avoid the need for the copy, and broke down __tzset_parse_tz into several smaller functions. Hopefully, the control flow is more transparent.

>> I think TZNAME_MAX only applies to the “PST” part.
>
> True, but I don't see how this contradicts what I wrote.
>
> There are two limits here: the length limit for the entire TZ string
> (which POSIX does not allow a tight limit for), and the length limit for
> the time zone abbreviation (which is less than the TZ string limit, and
> which POSIX allows a tight limit for). Currently glibc does not impose
> much of a limit on either quantity. It sounds like you're thinking of
> limiting the latter to 255 bytes. If so, this new restriction should be
> done consistently and correctly, e.g., by altering how sysconf
> (_SC_TZNAME_MAX) behaves.

Wow, sysconf (_SZ_TZNAME_MAX) is really weird. Instead of reporting there is no limit, it returns the maximum of the name lengths seen so far.

> Currently neither glibc nor Solaris impose a tight limit on time zone
> abbreviation length, so this would be an incompatible change. It
> probably wouldn't affect much real-world code, though.
I think the focus should be on TZ scrubbing anyway, but I see that current consensus is against that.

From d04aaa5f5873d78b4c40c9f226cb89f612c90156 Mon Sep 17 00:00:00 2001
From: Florian Weimer
Date: Wed, 18 Feb 2015 11:41:24 +0100
Subject: [PATCH] Make time zone file parser more robust [BZ #17715]

2015-02-18  Florian Weimer

    [BZ #17715]
    * time/tzfile.c (__tzfile_read): Check for large values of
    tzh_ttisstdcnt and tzh_ttisgmtcnt. Use malloc instead of alloca.
    * time/tzset.c (__tzstring_len): New function, based on the old
    __tzstring function.
    (__tzstring): Call __tzstring_len.
    (parse_tzname): New helper function extracted from
    __tzset_parse_tz. Call __tzstring_len, without making a copy of
    the input string.
    (parse_offset): New helper function extracted from
    __tzset_parse_tz. Replace switch with fallthrough with
    initialization before sscanf.
    (parse_rule): Likewise.
    (__tzset_parse_tz): Rewrite using the new helper functions. Use
    new-style function definition.
    * timezone/Makefile (tests): Add tst-tzset.
    (tst-tzset.out): Dependencies on time zone files.
    (tst-tzset-ENV): Set TZDIR.
    (testdata/XT%): Copy crafted time zone files.
    * timezone/README: Mention crafted time zone files.
    * timezone/testdata/XT1, timezone/testdata/XT2,
    timezone/testdata/XT3, timezone/testdata/XT4: New time zone test
    files.
    * timezone/tst-tzset.c: New test.

diff --git a/NEWS b/NEWS index 781f7a7..9883eb6 100644 --- a/NEWS +++ b/NEWS 
@@ -9,8 +9,14 @@ Version 2.22 * The following bugs are resolved with this release: - 4719, 15467, 15790, 16560, 17569, 17792, 17912, 17932, 17944, 17949, - 17964, 17965, 17967, 17969. + 4719, 15467, 15790, 16560, 17569, 17715, 17792, 17912, 17932, 17944, + 17949, 17964, 17965, 17967, 17969. + +* The time zone file parser has been made more robust against crafted time + zone files, avoiding heap buffer overflows related to the processing of + the tzh_ttisstdcnt and tzh_ttisgmtcnt fields, and a stack overflow due to + large time zone data files. Overly long time zone specifiers in the TZ + variable no longer result in stack overflows and crashes. Version 2.21 diff --git a/time/tzfile.c b/time/tzfile.c index bcb408f..46d4fc7 100644 --- a/time/tzfile.c +++ b/time/tzfile.c @@ -200,6 +200,9 @@ __tzfile_read (const char *file, size_t extra, char **extrap) num_isstd = (size_t) decode (tzhead.tzh_ttisstdcnt); num_isgmt = (size_t) decode (tzhead.tzh_ttisgmtcnt); + if (__glibc_unlikely (num_isstd > num_types || num_isgmt > num_types)) + goto lose; + /* For platforms with 64-bit time_t we use the new format if available. */ if (sizeof (time_t) == 8 && trans_width == 4 && tzhead.tzh_version[0] != '\0') @@ -434,13 +437,21 @@ __tzfile_read (const char *file, size_t extra, char **extrap) goto lose; tzspec_len = st.st_size - off - 1; - char *tzstr = alloca (tzspec_len); + if (tzspec_len == 0) + goto lose; + char *tzstr = malloc (tzspec_len); + if (tzstr == NULL) + goto lose; if (getc_unlocked (f) != '\n' || (__fread_unlocked (tzstr, 1, tzspec_len - 1, f) != tzspec_len - 1)) - goto lose; + { + free (tzstr); + goto lose; + } tzstr[tzspec_len - 1] = '\0'; tzspec = __tzstring (tzstr); + free (tzstr); } /* Don't use an empty TZ string. */ diff --git a/time/tzset.c b/time/tzset.c index 8bc7a2e..9948c70 100644 --- a/time/tzset.c +++ b/time/tzset.c @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include 
@@ -82,15 +83,14 @@ struct tzstring_l static struct tzstring_l *tzstring_list; -/* Allocate a permanent home for S. It will never be moved or deallocated, - but may share space with other strings. - Don't modify the returned string. */ -char * -__tzstring (const char *s) +/* Allocate a permanent home for the first LEN characters of S. It + will never be moved or deallocated, but may share space with other + strings. Don't modify the returned string. */ +static char * +__tzstring_len (const char *s, size_t len) { char *p; struct tzstring_l *t, *u, *new; - size_t len = strlen (s); /* Walk the list and look for a match. If this string is the same as the end of an already-allocated string, it can share space. */ @@ -98,7 +98,7 @@ __tzstring (const char *s) if (len <= t->len) { p = &t->data[t->len - len]; - if (strcmp (s, p) == 0) + if (memcmp (s, p, len) == 0) return p; } @@ -109,7 +109,8 @@ __tzstring (const char *s) new->next = NULL; new->len = len; - strcpy (new->data, s); + memcpy (new->data, s, len); + new->data[len] = '\0'; if (u) u->next = new; @@ -118,6 +119,15 @@ __tzstring (const char *s) return new->data; } + +/* Allocate a permanent home for S. It will never be moved or + deallocated, but may share space with other strings. Don't modify + the returned string. */ +char * +__tzstring (const char *s) +{ + return __tzstring_len (s, strlen (s)); +} /* Maximum length of a timezone name. tzset_internal keeps this up to date (never decreasing it) when ! __use_tzfile. 
@@ -164,234 +174,215 @@ compute_offset (unsigned int ss, unsigned int mm, unsigned int hh) return min (ss, 59) + min (mm, 59) * 60 + min (hh, 24) * 60 * 60; } - -/* Parse the POSIX TZ-style string. */ -void -__tzset_parse_tz (tz) - const char *tz; +/* Parses the time zone name at *TZP, and writes a pointer to an + interned string to tz_rules[WHICHRULE].name. On success, advances + *TZP, and returns true. Returns false otherwise. */ +static bool +parse_tzname (const char **tzp, int whichrule) { - unsigned short int hh, mm, ss; - - /* Clear out old state and reset to unnamed UTC. */ - memset (tz_rules, '\0', sizeof tz_rules); - tz_rules[0].name = tz_rules[1].name = ""; - - /* Get the standard timezone name. */ - char *tzbuf = strdupa (tz); - - int consumed; - if (sscanf (tz, "%[A-Za-z]%n", tzbuf, &consumed) != 1) + const char *start = *tzp; + const char *p = start; + while (('a' <= *p && *p <= 'z') + || ('A' <= *p && *p <= 'Z')) + ++p; + size_t len = p - start; + if (len < 3) { - /* Check for the quoted version. */ - char *wp = tzbuf; - if (__glibc_unlikely (*tz++ != '<')) - goto out; - - while (isalnum (*tz) || *tz == '+' || *tz == '-') - *wp++ = *tz++; - if (__glibc_unlikely (*tz++ != '>' || wp - tzbuf < 3)) - goto out; - *wp = '\0'; + p = *tzp; + if (__glibc_unlikely (*p++ != '<')) + return false; + start = p; + while (('a' <= *p && *p <= 'z') + || ('A' <= *p && *p <= 'Z') + || ('0' <= *p && *p <= '9') + || *p == '+' || *p == '-') + ++p; + len = p - start; + if (*p++ != '>' || len < 3) + return false; } - else if (__glibc_unlikely (consumed < 3)) - goto out; - else - tz += consumed; - - tz_rules[0].name = __tzstring (tzbuf); + tz_rules[whichrule].name = __tzstring_len (start, len); + *tzp = p; + return true; +} - /* Figure out the standard offset from UTC. */ - if (*tz == '\0' || (*tz != '+' && *tz != '-' && !isdigit (*tz))) - goto out; +/* Parses the time zone offset at *TZP, and writes it to + tz_rules[WHICHRULE].offset. 
Returns true if the parse was + successful. */ +static bool +parse_offset (const char **tzp, int whichrule) +{ + const char *tz = *tzp; + if (whichrule == 0 + && (*tz == '\0' || (*tz != '+' && *tz != '-' && !isdigit (*tz)))) + return false; + long sign; if (*tz == '-' || *tz == '+') - tz_rules[0].offset = *tz++ == '-' ? 1L : -1L; + sign = *tz++ == '-' ? 1L : -1L; else - tz_rules[0].offset = -1L; - switch (sscanf (tz, "%hu%n:%hu%n:%hu%n", - &hh, &consumed, &mm, &consumed, &ss, &consumed)) - { - default: - tz_rules[0].offset = 0; - goto out; - case 1: - mm = 0; - case 2: - ss = 0; - case 3: - break; - } - tz_rules[0].offset *= compute_offset (ss, mm, hh); - tz += consumed; - - /* Get the DST timezone name (if any). */ - if (*tz != '\0') - { - if (sscanf (tz, "%[A-Za-z]%n", tzbuf, &consumed) != 1) - { - /* Check for the quoted version. */ - char *wp = tzbuf; - const char *rp = tz; - if (__glibc_unlikely (*rp++ != '<')) - /* Punt on name, set up the offsets. */ - goto done_names; - - while (isalnum (*rp) || *rp == '+' || *rp == '-') - *wp++ = *rp++; - if (__glibc_unlikely (*rp++ != '>' || wp - tzbuf < 3)) - /* Punt on name, set up the offsets. */ - goto done_names; - *wp = '\0'; - tz = rp; - } - else if (__glibc_unlikely (consumed < 3)) - /* Punt on name, set up the offsets. */ - goto done_names; + sign = -1L; + *tzp = tz; + + unsigned short int hh; + unsigned short mm = 0; + unsigned short ss = 0; + int consumed = 0; + if (sscanf (tz, "%hu%n:%hu%n:%hu%n", + &hh, &consumed, &mm, &consumed, &ss, &consumed) > 0) + tz_rules[whichrule].offset = sign * compute_offset (ss, mm, hh); + else + /* Nothing could be parsed. */ + if (whichrule == 0) + { + /* Standard time defaults to offset zero. */ + tz_rules[0].offset = 0; + return false; + } else - tz += consumed; + /* DST defaults to one hour later than standard time. 
*/ + tz_rules[1].offset = tz_rules[0].offset + (60 * 60); + *tzp = tz + consumed; + return true; +} - tz_rules[1].name = __tzstring (tzbuf); +/* Parses the standard <-> DST rules at *TZP. Updates + tz_rule[WHICHRULE]. On success, advances *TZP and returns true. + Otherwise, returns false. */ +static bool +parse_rule (const char **tzp, int whichrule) +{ + const char *tz = *tzp; + tz_rule *tzr = &tz_rules[whichrule]; - /* Figure out the DST offset from GMT. */ - if (*tz == '-' || *tz == '+') - tz_rules[1].offset = *tz++ == '-' ? 1L : -1L; - else - tz_rules[1].offset = -1L; + /* Ignore comma to support string following the incorrect + specification in early POSIX.1 printings. */ + tz += *tz == ','; - switch (sscanf (tz, "%hu%n:%hu%n:%hu%n", - &hh, &consumed, &mm, &consumed, &ss, &consumed)) + /* Get the date of the change. */ + if (*tz == 'J' || isdigit (*tz)) + { + char *end; + tzr->type = *tz == 'J' ? J1 : J0; + if (tzr->type == J1 && !isdigit (*++tz)) + return false; + unsigned long int d = strtoul (tz, &end, 10); + if (end == tz || d > 365) + return false; + if (tzr->type == J1 && d == 0) + return false; + tzr->d = d; + tz = end; + } + else if (*tz == 'M') + { + tzr->type = M; + int consumed; + if (sscanf (tz, "M%hu.%hu.%hu%n", + &tzr->m, &tzr->n, &tzr->d, &consumed) != 3 + || tzr->m < 1 || tzr->m > 12 + || tzr->n < 1 || tzr->n > 5 || tzr->d > 6) + return false; + tz += consumed; + } + else if (*tz == '\0') + { + /* Daylight time rules in the U.S. are defined in the U.S. Code, + Title 15, Chapter 6, Subchapter IX - Standard Time. These + dates were established by Congress in the Energy Policy Act + of 2005 [Pub. L. no. 109-58, 119 Stat 594 (2005)]. + Below is the equivalent of "M3.2.0,M11.1.0" [/2 not needed + since 2:00AM is the default]. */ + tzr->type = M; + if (tzr == &tz_rules[0]) { - default: - /* Default to one hour later than standard time. 
*/ - tz_rules[1].offset = tz_rules[0].offset + (60 * 60); - break; - - case 1: - mm = 0; - case 2: - ss = 0; - case 3: - tz_rules[1].offset *= compute_offset (ss, mm, hh); - tz += consumed; - break; + tzr->m = 3; + tzr->n = 2; + tzr->d = 0; } - if (*tz == '\0' || (tz[0] == ',' && tz[1] == '\0')) + else { - /* There is no rule. See if there is a default rule file. */ - __tzfile_default (tz_rules[0].name, tz_rules[1].name, - tz_rules[0].offset, tz_rules[1].offset); - if (__use_tzfile) - { - free (old_tz); - old_tz = NULL; - return; - } + tzr->m = 11; + tzr->n = 1; + tzr->d = 0; } } else + return false; + + if (*tz != '\0' && *tz != '/' && *tz != ',') + return false; + else if (*tz == '/') { - /* There is no DST. */ - tz_rules[1].name = tz_rules[0].name; - tz_rules[1].offset = tz_rules[0].offset; - goto out; + /* Get the time of day of the change. */ + int negative; + ++tz; + if (*tz == '\0') + return false; + negative = *tz == '-'; + tz += negative; + /* Default to 2:00 AM. */ + unsigned short hh = 2; + unsigned short mm = 0; + unsigned short ss = 0; + int consumed = 0; + sscanf (tz, "%hu%n:%hu%n:%hu%n", + &hh, &consumed, &mm, &consumed, &ss, &consumed);; + tz += consumed; + tzr->secs = (negative ? -1 : 1) * ((hh * 60 * 60) + (mm * 60) + ss); } + else + /* Default to 2:00 AM. */ + tzr->secs = 2 * 60 * 60; - done_names: - /* Figure out the standard <-> DST rules. */ - for (unsigned int whichrule = 0; whichrule < 2; ++whichrule) - { - tz_rule *tzr = &tz_rules[whichrule]; + tzr->computed_for = -1; + *tzp = tz; + return true; +} - /* Ignore comma to support string following the incorrect - specification in early POSIX.1 printings. */ - tz += *tz == ','; +/* Parse the POSIX TZ-style string. */ +void +__tzset_parse_tz (const char *tz) +{ + /* Clear out old state and reset to unnamed UTC. */ + memset (tz_rules, '\0', sizeof tz_rules); + tz_rules[0].name = tz_rules[1].name = ""; - /* Get the date of the change. 
*/ - if (*tz == 'J' || isdigit (*tz)) - { - char *end; - tzr->type = *tz == 'J' ? J1 : J0; - if (tzr->type == J1 && !isdigit (*++tz)) - goto out; - unsigned long int d = strtoul (tz, &end, 10); - if (end == tz || d > 365) - goto out; - if (tzr->type == J1 && d == 0) - goto out; - tzr->d = d; - tz = end; - } - else if (*tz == 'M') - { - tzr->type = M; - if (sscanf (tz, "M%hu.%hu.%hu%n", - &tzr->m, &tzr->n, &tzr->d, &consumed) != 3 - || tzr->m < 1 || tzr->m > 12 - || tzr->n < 1 || tzr->n > 5 || tzr->d > 6) - goto out; - tz += consumed; - } - else if (*tz == '\0') + /* Get the standard timezone name. */ + if (parse_tzname (&tz, 0) && parse_offset (&tz, 0)) + { + /* Get the DST timezone name (if any). */ + if (*tz != '\0') { - /* Daylight time rules in the U.S. are defined in the - U.S. Code, Title 15, Chapter 6, Subchapter IX - Standard - Time. These dates were established by Congress in the - Energy Policy Act of 2005 [Pub. L. no. 109-58, 119 Stat 594 - (2005)]. - Below is the equivalent of "M3.2.0,M11.1.0" [/2 not needed - since 2:00AM is the default]. */ - tzr->type = M; - if (tzr == &tz_rules[0]) + if (parse_tzname (&tz, 1)) { - tzr->m = 3; - tzr->n = 2; - tzr->d = 0; - } - else - { - tzr->m = 11; - tzr->n = 1; - tzr->d = 0; + parse_offset (&tz, 1); + if (*tz == '\0' || (tz[0] == ',' && tz[1] == '\0')) + { + /* There is no rule. See if there is a default rule + file. */ + __tzfile_default (tz_rules[0].name, tz_rules[1].name, + tz_rules[0].offset, tz_rules[1].offset); + if (__use_tzfile) + { + free (old_tz); + old_tz = NULL; + return; + } + } } + /* Figure out the standard <-> DST rules. */ + if (parse_rule (&tz, 0)) + parse_rule (&tz, 1); } else - goto out; - - if (*tz != '\0' && *tz != '/' && *tz != ',') - goto out; - else if (*tz == '/') { - /* Get the time of day of the change. 
*/ - int negative; - ++tz; - if (*tz == '\0') - goto out; - negative = *tz == '-'; - tz += negative; - consumed = 0; - switch (sscanf (tz, "%hu%n:%hu%n:%hu%n", - &hh, &consumed, &mm, &consumed, &ss, &consumed)) - { - default: - hh = 2; /* Default to 2:00 AM. */ - case 1: - mm = 0; - case 2: - ss = 0; - case 3: - break; - } - tz += consumed; - tzr->secs = (negative ? -1 : 1) * ((hh * 60 * 60) + (mm * 60) + ss); + /* There is no DST. */ + tz_rules[1].name = tz_rules[0].name; + tz_rules[1].offset = tz_rules[0].offset; } - else - /* Default to 2:00 AM. */ - tzr->secs = 2 * 60 * 60; - - tzr->computed_for = -1; } - out: update_vars (); } diff --git a/timezone/Makefile b/timezone/Makefile index 17424b8..5f18545 100644 --- a/timezone/Makefile +++ b/timezone/Makefile @@ -25,7 +25,7 @@ include ../Makeconfig extra-objs := scheck.o ialloc.o others := zdump zic -tests := test-tz tst-timezone +tests := test-tz tst-timezone tst-tzset # pacificnew doesn't compile; if it is to be used, it should be included in # northamerica. @@ -90,9 +90,11 @@ $(objpfx)tst-timezone.out: $(addprefix $(testdata)/, \ Australia/Melbourne \ America/Sao_Paulo Asia/Tokyo \ Europe/London) +$(objpfx)tst-tzset.out: $(addprefix $(testdata)/XT, 1 2 3 4) test-tz-ENV = TZDIR=$(testdata) tst-timezone-ENV = TZDIR=$(testdata) +tst-tzset-ENV = TZDIR=$(testdata) # Note this must come second in the deps list for $(built-program-cmd) to work. zic-deps = $(objpfx)zic $(leapseconds) yearistype @@ -114,6 +116,8 @@ $(testdata)/America/Sao_Paulo: southamerica $(zic-deps) $(testdata)/Asia/Tokyo: asia $(zic-deps) $(build-testdata) +$(testdata)/XT%: testdata/XT% + cp $< $@ $(objpfx)tzselect: tzselect.ksh $(common-objpfx)config.make sed -e 's|/bin/bash|$(BASH)|' \ diff --git a/timezone/README b/timezone/README index 7a5e31c..2268f8e 100644 --- a/timezone/README +++ b/timezone/README 
@@ -15,3 +15,6 @@ version of the tzcode and tzdata packages. These packages may be found at ftp://ftp.iana.org/tz/releases/. Commentary should be addressed to tz@iana.org. + +The subdirectory testdata contains manually edited data files for +regression testing purposes. diff --git a/timezone/testdata/XT1 b/timezone/testdata/XT1 new file mode 100644 index 0000000000000000000000000000000000000000..67d7ee0ba59389b4aaea0bdce15ff6bf7056c5ef GIT binary patch literal 127 zcmWHE%1kq2Kn4GS04TzYB+3Y6vq1O}A%;Lk2w{C7Jz#x5AR1vL!~iZJWxxdhA3F~_ literal 0 HcmV?d00001 
diff --git a/timezone/testdata/XT2 b/timezone/testdata/XT2 new file mode 100644 index 0000000000000000000000000000000000000000..069189e34998662d526b3645891d515a31fd6495 GIT binary patch literal 127 wcmWHE%1kq2zyQqufdEOA5y)nN@FPM%>O%. */ + +#define _GNU_SOURCE 1 + +#include +#include +#include +#include +#include +#include +#include + +static int do_test (void); +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" + +/* Returns the name of a large TZ file. */ +static char * +create_tz_file (off64_t size) +{ + char *path; + int fd = create_temp_file ("tst-tzset-", &path); + if (fd < 0) + exit (1); + + // Reopen for large-file support. + close (fd); + fd = open64 (path, O_WRONLY); + if (fd < 0) + { + printf ("open64 (%s) failed: %m\n", path); + exit (1); + } + + static const char data[] = { + 0x54, 0x5a, 0x69, 0x66, 0x32, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x58, 0x54, 0x47, 0x00, 0x00, 0x00, + 0x54, 0x5a, 0x69, 0x66, 0x32, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x04, 0xf8, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x58, 0x54, 0x47, 0x00, 0x00, + 0x00, 0x0a, 0x58, 0x54, 0x47, 0x30, 0x0a + }; + ssize_t ret = write (fd, data, sizeof (data)); + if (ret < 0) + { + printf ("write failed: %m\n"); + exit (1); + } + if ((size_t) ret != sizeof (data)) + { + printf ("Short write\n"); + exit (1); + } + if (lseek64 (fd, size, SEEK_CUR) < 0) + { + printf ("lseek failed: %m\n"); + close (fd); + return NULL; + } + if (write (fd, "", 1) != 1) + { + printf ("Single-byte write failed\n"); + 
close (fd); + return NULL; + } + if (close (fd) != 0) + { + printf ("close failed: %m\n"); + exit (1); + } + return path; +} + +static void +test_tz_file (off64_t size) +{ + char *path = create_tz_file (size); + if (setenv ("TZ", path, 1) < 0) + { + printf ("setenv failed: %m\n"); + exit (1); + } + tzset (); + free (path); +} + +static int +do_test (void) +{ + /* Limit the size of the process. Otherwise, some of the tests will + consume a lot of resources. */ + { + struct rlimit limit; + if (getrlimit (RLIMIT_AS, &limit) != 0) + { + printf ("getrlimit (RLIMIT_AS) failed: %m\n"); + return 1; + } + long target = 512 * 1024 * 1024; + if (limit.rlim_cur == RLIM_INFINITY || limit.rlim_cur > target) + { + limit.rlim_cur = 512 * 1024 * 1024; + if (setrlimit (RLIMIT_AS, &limit) != 0) + { + printf ("setrlimit (RLIMIT_AS) failed: %m\n"); + return 1; + } + } + } + + int errors = 0; + for (int i = 1; i <= 4; ++i) + { + char tz[16]; + snprintf (tz, sizeof (tz), "XT%d", i); + if (setenv ("TZ", tz, 1) < 0) + { + printf ("setenv failed: %m\n"); + return 1; + } + tzset (); + if (strcmp (tzname[0], tz) == 0) + { + printf ("Unexpected success for %s\n", tz); + ++errors; + } + } + + /* Large TZ files. */ + + /* This will succeed on 64-bit architectures, and fail on 32-bit + architectures. It used to crash on 32-bit. */ + test_tz_file (64 * 1024 * 1024); + + /* This will fail on 64-bit and 32-bit architectures. It used to + cause a test timeout on 64-bit and crash on 32-bit if the TZ file + open succeeded for some reason (it does not use O_LARGEFILE in + regular builds). */ + test_tz_file (4LL * 1024 * 1024 * 1024 - 6); + + /* Large TZ variables. 
*/ + { + size_t length = 64 * 1024 * 1024; + char *value = malloc (length + 1); + if (value == NULL) + { + puts ("malloc failed: %m"); + return 1; + } + value[length] = '\0'; + + memset (value, ' ', length); + value[0] = 'U'; + value[1] = 'T'; + value[2] = 'C'; + if (setenv ("TZ", value, 1) < 0) + { + printf ("setenv failed: %m\n"); + return 1; + } + tzset (); + + memset (value, '0', length); + value[0] = '<'; + value[length - 1] = '>'; + if (setenv ("TZ", value, 1) < 0) + { + printf ("setenv failed: %m\n"); + return 1; + } + tzset (); + } + + return errors > 0; +} -- 2.1.0
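Review bot: In the second time/tzfile.c hunk (@@ -434,13 +437,21 @@), tzspec_len is still taken directly from st.st_size - off - 1 and, apart from the new zero check, is passed unbounded to malloc and __fread_unlocked, so a crafted multi-gigabyte file makes tzset allocate and read that much data before the result is interned. Replacing alloca with malloc removes the stack overflow, but a sanity cap on tzspec_len ahead of the allocation (with goto lose when it is exceeded) would keep the cost of a hostile file bounded; the comments in tst-tzset.c already record that the 4 GiB case used to cause a test timeout on 64-bit. The error handling itself is consistent: the failed-read branch frees tzstr before goto lose, and the success path frees it after __tzstring has made its own copy.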
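Review bot: In the time/tzset.c hunks that turn __tzstring into __tzstring_len (@@ -82,15 +83,14 @@ through @@ -118,6 +119,15 @@), the new comment does not say that S no longer has to be null-terminated while the returned string always is, which is exactly the contract parse_tzname relies on when it passes a pointer into the middle of the TZ value. Please state that in the comment, and add a remark next to memcmp (s, p, len) that a match can be returned only because p points at the last LEN bytes of t->data and is therefore followed by the stored terminator. As a style point, the function is static, so it does not need the reserved __ prefix; a file-local name without it would read better.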
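Review bot: In the @@ -164,234 +174,215 @@ hunk of time/tzset.c, parse_offset and parse_rule still call isdigit (*tz) on a plain char, while parse_tzname in the same hunk was switched from isalnum to explicit range comparisons. The TZ value comes from the environment, so bytes of 0x80 and above reach these calls as negative values where char is signed, which the C standard leaves undefined for the ctype functions; using the same '0' <= *tz && *tz <= '9' test (or a cast to unsigned char) would make the three helpers consistent. Smaller points in the same hunk: the unbraced else followed by if (whichrule == 0) ... else in parse_offset is easy to misread and deserves braces, the sscanf call for the time of day in parse_rule ends in a stray double semicolon, the return value of parse_offset (&tz, 1) is ignored in __tzset_parse_tz without a comment saying that the DST case cannot fail, and the parse_rule comment refers to tz_rule[WHICHRULE] where the array is tz_rules.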
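Review bot: In the new timezone/tst-tzset.c, create_tz_file returns NULL when lseek64 or the single-byte write fails, but test_tz_file passes the result straight to setenv ("TZ", path, 1) without checking it. Those calls can fail for the 4LL * 1024 * 1024 * 1024 - 6 case when the file system does not accept a file of that size, so the test should either treat NULL as a skipped case or exit with a diagnostic rather than hand a null value to setenv; the two NULL returns also leave path allocated. Also in do_test: puts ("malloc failed: %m") prints the %m literally because puts does no format processing (use printf with a trailing newline as elsewhere in the file), limit.rlim_cur should be assigned from target instead of repeating 512 * 1024 * 1024, and the 64 MiB value buffer is never freed.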