Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 07 Mar 1997 23:53:24 +0900
From:      Kazutaka YOKOTA <yokota@zodiac.mech.utsunomiya-u.ac.jp>
To:        Bruce Evans <bde@zeta.org.au>
Cc:        cvs-all@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org, yokota@freefall.freebsd.org
Subject:   Re: cvs commit: src/usr.bin/w pr_time.c w.c 
Message-ID:  <199703071453.XAA06358@zodiac.mech.utsunomiya-u.ac.jp>
In-Reply-To: Your message of "Fri, 07 Mar 1997 23:29:13 %2B1100." <199703071229.XAA14372@godzilla.zeta.org.au> 
References:  <199703071229.XAA14372@godzilla.zeta.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
>>  Modified:    usr.bin/w  pr_time.c w.c
>>  Log:
>>  Made sure the string formated by strftime() is properly
>>  null-terminated.
>
>Strings are null-terminated by definition.  According to the ANSI C
>standard, strftime() gives either a string (if there is enough space)
>or indeterminate buffer contents (otherwise) according to the ANSI C
>standard.  The FreeBSD behaviour of truncating the string should not
>be documented or depended on.  This means that the result of strftime()
>should always be checked.  A fixed-size buffer may be too small because
>the locale has long time-related strings.
>
>Bruce

Maybe I should have said "Put 0 at the end of the buffer used by
strftime() so that the buffer is null-terminated even when strftime()
doesn't place 0 there."

What I did was something like this in a couple of places.

--- pr_time.c-dist	Tue Feb 11 19:49:24 1997
+++ pr_time.c	Sun Feb 23 11:55:20 1997
@@ -76,7 +76,8 @@
 		(void)strcpy(fmt, __CONCAT("%l:%", "M%p"));
 	}
 
-	(void)strftime(buf, sizeof(buf), fmt, tp);
+	(void)strftime(buf, sizeof(buf) - 1, fmt, tp);
+	buf[sizeof(buf) - 1] = '\0';
 	(void)printf("%s", buf);
 }

As far as I can understand from src/lib/libc/stdtime/strftime.c, the
FreeBSD version of strftime() does not truncate the string when there
is not enough space in the buffer, rather it stuffs as many characters
into the buffer as possible and returns without a terminal zero. Thus,
it follows the ANSI C standard, does it not?

I am bit confused. Should I back out the patch?

Kazu

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703071453.XAA06358>