diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/encoding/time_fmt.c | 4 | ||||
-rw-r--r-- | src/test/test_util.c | 21 |
2 files changed, 25 insertions, 0 deletions
diff --git a/src/lib/encoding/time_fmt.c b/src/lib/encoding/time_fmt.c index 5b2440d1ab..40543d41e0 100644 --- a/src/lib/encoding/time_fmt.c +++ b/src/lib/encoding/time_fmt.c @@ -39,6 +39,8 @@ * * Convert *<b>timep</b> to a struct tm in local time, and store the value in * *<b>result</b>. Return the result on success, or NULL on failure. + * + * Treat malformatted inputs localtime outputs as a BUG. */ struct tm * tor_localtime_r(const time_t *timep, struct tm *result) @@ -56,6 +58,8 @@ tor_localtime_r(const time_t *timep, struct tm *result) * * Convert *<b>timep</b> to a struct tm in UTC, and store the value in * *<b>result</b>. Return the result on success, or NULL on failure. + * + * Treat malformatted inputs or gmtime outputs as a BUG. */ struct tm * tor_gmtime_r(const time_t *timep, struct tm *result) diff --git a/src/test/test_util.c b/src/test/test_util.c index 089c1f1d7e..6a7b42b788 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -690,6 +690,12 @@ test_util_time(void *arg) expect_single_log_msg_containing(msg); \ teardown_capture_of_logs(); \ } while (0) +#define CHECK_POSSIBLE_EINVAL() do { \ + if (mock_saved_log_n_entries()) { \ + expect_single_log_msg_containing("Invalid argument"); \ + } \ + teardown_capture_of_logs(); \ + } while (0) #define CHECK_TIMEGM_ARG_OUT_OF_RANGE(msg) \ CHECK_TIMEGM_WARNING("Out-of-range argument to tor_timegm") @@ -885,12 +891,16 @@ test_util_time(void *arg) if (sizeof(time_t) == 4 || sizeof(time_t) == 8) { t_res = -1*(1 << 30); + CAPTURE(); tor_gmtime_r(&t_res, &b_time); + CHECK_POSSIBLE_EINVAL(); tt_assert(b_time.tm_year == (1970-1900) || b_time.tm_year == (1935-1900)); t_res = INT32_MIN; + CAPTURE(); tor_gmtime_r(&t_res, &b_time); + CHECK_POSSIBLE_EINVAL(); tt_assert(b_time.tm_year == (1970-1900) || b_time.tm_year == (1901-1900)); } @@ -900,7 +910,9 @@ test_util_time(void *arg) /* one of the smallest tm_year values my 64 bit system supports: * b_time.tm_year == (-292275055LL-1900LL) without clamping */ t_res = -9223372036854775LL; + CAPTURE(); tor_gmtime_r(&t_res, &b_time); + CHECK_POSSIBLE_EINVAL(); tt_assert(b_time.tm_year == (1970-1900) || b_time.tm_year == (1-1900)); @@ -926,7 +938,9 @@ test_util_time(void *arg) { /* As above, but with localtime. */ t_res = -9223372036854775LL; + CAPTURE(); tor_localtime_r(&t_res, &b_time); + CHECK_POSSIBLE_EINVAL(); tt_assert(b_time.tm_year == (1970-1900) || b_time.tm_year == (1-1900)); @@ -983,7 +997,9 @@ test_util_time(void *arg) /* one of the largest tm_year values my 64 bit system supports: * b_time.tm_year == (292278994L-1900L) without clamping */ t_res = 9223372036854775LL; + CAPTURE(); tor_gmtime_r(&t_res, &b_time); + CHECK_POSSIBLE_EINVAL(); tt_assert(b_time.tm_year == (2037-1900) || b_time.tm_year == (9999-1900)); @@ -1004,7 +1020,9 @@ test_util_time(void *arg) { /* As above but with localtime. */ t_res = 9223372036854775LL; + CAPTURE(); tor_localtime_r(&t_res, &b_time); + CHECK_POSSIBLE_EINVAL(); tt_assert(b_time.tm_year == (2037-1900) || b_time.tm_year == (9999-1900)); @@ -1216,7 +1234,9 @@ test_util_time(void *arg) /* This value is out of range with 32 bit time_t, but in range for 64 bit * time_t */ tv.tv_sec = (time_t)2150000000UL; + CAPTURE(); format_iso_time(timestr, (time_t)tv.tv_sec); + CHECK_POSSIBLE_EINVAL(); #if SIZEOF_TIME_T == 4 /* format_iso_time should indicate failure on overflow, but it doesn't yet. * Hopefully #18480 will improve the failure semantics in this case. @@ -1231,6 +1251,7 @@ test_util_time(void *arg) #undef CAPTURE #undef CHECK_TIMEGM_ARG_OUT_OF_RANGE +#undef CHECK_POSSIBLE_EINVAL done: teardown_capture_of_logs(); |