Improve negative time value checking for strftime.

2 files changed, 12 insertions, 9 deletions

diff --git a/ChangeLog b/ChangeLog
index 335ab6eb..f7b45d9f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-04-14         Arnold D. Robbins     <arnold@skeeve.com>
+
+	* builtin.c (do_strftime): Restore checking for negative result and
+	add check that time_t is > 0 --- means we're assigning a negative value
+	to an unsigned time_t. Thanks again to Glaudiston Gomes da Silva
+	<glaudistong@gmail.com>.
+
 2015-04-13         Arnold D. Robbins     <arnold@skeeve.com>
 
 	* regcomp.c (analyze): Prevent malloc(0).
diff --git a/builtin.c b/builtin.c
index 7aeccd5f..a7853d7c 100644
--- a/builtin.c
+++ b/builtin.c
@@ -1913,17 +1913,13 @@ do_strftime(int nargs)
 				lintwarn(_("strftime: received non-numeric second argument"));
 			(void) force_number(t2);
 			clock_val = get_number_si(t2);
+			fclock = (time_t) clock_val;
 			/*
-			 * 4/2015: This used to be here:
-			 *
-			 * if (clock_val < 0)
-			 *	fatal(_("strftime: second argument less than 0 or too big for time_t"));
-			 *
-			 * It is now disabled since some systems have strftime that works
-			 * on times before the epoch.  No arbritrary limits comes into
-			 * play at this point.
+			 * 4/2015: Protect against negative value being assigned
+			 * to unsigned time_t.
 			 */
-			fclock = (time_t) clock_val;
+			if (clock_val < 0 && fclock > 0)
+				fatal(_("strftime: second argument less than 0 or too big for time_t"));
 			DEREF(t2);
 		}