Buffer overflow in getDateTime() #1

Closed
welchr opened this issue Nov 19, 2013 · 5 comments
welchr commented Nov 19, 2013

We had an issue where the program would terminate abnormally, and it looks like the culprit was snprintf() in the function getDateTime(). The char buffer is 100 bytes, but snprintf attempts to write 126. The compiler also gives a warning about it that I didn't notice originally:

In function ‘int snprintf(char*, size_t, const char*, ...)’,
inlined from ‘std::string getDateTime(const time_t&)’ at utils.cpp:172:48:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:66:44: warning: call to int __builtin___snprintf_chk(char*, long unsigned int, int, long unsigned int, const char*, ...) will always overflow destination

Changing char buffer[100] to char buffer[126] within that function solved the problem for us.

@timflutre (Owner) commented

Yes, thanks. It will be corrected in v1.3. But it sounds strange that this was causing the program to terminate abnormally. The char array only contains year, month, day, hours, minutes and seconds. So it should always use less than 100 characters, right? I'm asking this because neither I nor any other user has ever had the program terminate because of that.

@welchr (Author) commented Nov 19, 2013

It looks like it's something GCC does to protect against overflows:

http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
http://thexploit.com/secdev/turning-off-buffer-overflow-protections-in-gcc/

Maybe that __builtin___snprintf_chk() function is being called to check the size of the destination and the assertion is failing. Not sure why on our system it causes the program to fault but not on others - maybe our system or version of GCC has those overflow protections enabled by default?
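As an added example (not code from this issue or from the project), the reported pattern is shown beside a hardened getDateTime() that passes sizeof(buffer) to snprintf and checks the return value for truncation. The fortified __snprintf_chk compares the size argument (126) against the compile-time size of the destination (100) and aborts when it is larger, regardless of how many characters are actually formatted. The format string, gmtime_r and the helper names are assumptions, since the thread does not show the original call.

```cpp
#include <cstdarg>
#include <cstdio>
#include <cstring>
#include <ctime>
#include <string>

// Vulnerable pattern from the report, kept as a comment so this file builds
// under -D_FORTIFY_SOURCE=2: the size passed to snprintf (126) exceeds the
// destination (100). The text fits, but __snprintf_chk aborts anyway.
//
//   char buffer[100];
//   snprintf(buffer, 126, "%04d-%02d-%02d %02d:%02d:%02d", ...);

// Formats into dst and reports whether everything fit. dst is always
// NUL-terminated when cap > 0; a false return means the output was cut.
bool safeFormat(char *dst, size_t cap, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = std::vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    return n >= 0 && static_cast<size_t>(n) < cap;
}

// Hardened getDateTime: the size argument is sizeof(buffer), so it cannot
// drift from the real array size, and truncation is detected instead of
// silently yielding a mangled timestamp. Format string is an assumption.
std::string getDateTime(const time_t &t) {
    struct tm parts;
    if (gmtime_r(&t, &parts) == nullptr)  // assumption: POSIX gmtime_r
        return std::string();
    char buffer[100];
    if (!safeFormat(buffer, sizeof(buffer), "%04d-%02d-%02d %02d:%02d:%02d",
                    parts.tm_year + 1900, parts.tm_mon + 1, parts.tm_mday,
                    parts.tm_hour, parts.tm_min, parts.tm_sec))
        return std::string();
    return std::string(buffer);
}

// Self-check: a 10-char date cannot fit in 8 bytes, so safeFormat must
// report truncation and still leave a NUL-terminated prefix behind.
bool truncationIsReported() {
    char small[8];
    bool fit = safeFormat(small, sizeof(small), "%s", "2013-11-19");
    return !fit && std::strcmp(small, "2013-11") == 0;
}

int main() {
    std::printf("%s\n", getDateTime(std::time(nullptr)).c_str());
    return truncationIsReported() ? 0 : 1;
}
```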

@timflutre (Owner) commented

OK, thanks a lot for your detailed answer. Does it work fine for you when using "char buffer[128];" instead of "char buffer[100];"?

@welchr (Author) commented Nov 21, 2013

It sure does.

Thanks again for the wonderful program. We're looking forward to seeing what comes out of the analysis...

@timflutre (Owner) commented

fixed in v1.2.2
