Additional checking for strftime.

2 files changed, 14 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 6398cbfa..53e82dea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2015-04-16         Arnold D. Robbins     <arnold@skeeve.com>
+
+	* builtin.c (do_strftime): Use a double for the timestamp and
+	check that the value is within range for a time_t.
+
 2015-04-14         Arnold D. Robbins     <arnold@skeeve.com>
 
 	* builtin.c (do_strftime): Restore checking for negative result and
diff --git a/builtin.c b/builtin.c
index fc670946..804bd60a 100644
--- a/builtin.c
+++ b/builtin.c
@@ -1864,7 +1864,7 @@ do_strftime(int nargs)
 	NODE *t1, *t2, *t3, *ret;
 	struct tm *tm;
 	time_t fclock;
-	long clock_val;
+	double clock_val;
 	char *bufp;
 	size_t buflen, bufsize;
 	char buf[BUFSIZ];
@@ -1873,6 +1873,8 @@ do_strftime(int nargs)
 	int do_gmt;
 	NODE *val = NULL;
 	NODE *sub = NULL;
+	static const time_t time_t_min = TYPE_MINIMUM(time_t);
+	static const time_t time_t_max = TYPE_MAXIMUM(time_t);
 
 	/* set defaults first */
 	format = def_strftime_format;	/* traditional date format */
@@ -1912,7 +1914,7 @@ do_strftime(int nargs)
 			if (do_lint && (t2->flags & (NUMCUR|NUMBER)) == 0)
 				lintwarn(_("strftime: received non-numeric second argument"));
 			(void) force_number(t2);
-			clock_val = get_number_si(t2);
+			clock_val = get_number_d(t2);
 			fclock = (time_t) clock_val;
 			/*
 			 * 4/2015: Protect against negative value being assigned
@@ -1920,6 +1922,11 @@ do_strftime(int nargs)
 			 */
 			if (clock_val < 0 && fclock > 0)
 				fatal(_("strftime: second argument less than 0 or too big for time_t"));
+
+			/* And check that the value is in range */
+			if (clock_val < time_t_min || clock_val > time_t_max)
+				fatal(_("strftime: second argument out of range for time_t"));
+
 			DEREF(t2);
 		}