From 3de71423b3a39be0b9536413321c953cbf99b119 Mon Sep 17 00:00:00 2001
From: "Arnold D. Robbins"
Date: Tue, 14 Apr 2015 14:00:22 +0300
Subject: Improve negative time value checking for strftime.
---
 builtin.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
(limited to 'builtin.c')
diff --git a/builtin.c b/builtin.c
index 7aeccd5f..a7853d7c 100644
--- a/builtin.c
+++ b/builtin.c
@@ -1913,17 +1913,13 @@ do_strftime(int nargs)
 lintwarn(_("strftime: received non-numeric second argument"));
 (void) force_number(t2);
 clock_val = get_number_si(t2);
+ fclock = (time_t) clock_val;
 /*
- * 4/2015: This used to be here:
- *
- * if (clock_val < 0)
- * fatal(_("strftime: second argument less than 0 or too big for time_t"));
- *
- * It is now disabled since some systems have strftime that works
- * on times before the epoch. No arbritrary limits comes into
- * play at this point.
+ * 4/2015: Protect against negative value being assigned
+ * to unsigned time_t.
 */
- fclock = (time_t) clock_val;
+ if (clock_val < 0 && fclock > 0)
+ fatal(_("strftime: second argument less than 0 or too big for time_t"));
 DEREF(t2);
 }
-- cgit v1.2.3
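Review bot: The new guard `if (clock_val < 0 && fclock > 0)` only catches a negative value that became positive after the cast, yet the fatal message also promises "too big for time_t". If `clock_val` is wider than `time_t` (it looks like a `long` from `get_number_si`, which the hunk does not confirm), a large positive value, or a negative one that stays negative after truncation, is silently narrowed and strftime formats a timestamp unrelated to the input. A round-trip comparison would cover those cases too, e.g. `if ((clock_val < 0 && fclock > 0) || (long) fclock != clock_val)`, with the comment extended to say that truncation is rejected as well. The body of do_strftime starts and continues outside this hunk, so any later range handling is not visible here.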