If tm->msec is negative or more than 999, stack buffer overflow happens.
Possible solution is keep msec in range [0..999].
Testing performed via Libfuzzer.
Signed-off-by: Vitaly Listratenko <[email protected]>
---
diff --git a/lib/timeval.c b/lib/timeval.c
index 10c1b9ca1..d29105053 100644
--- a/lib/timeval.c
+++ b/lib/timeval.c
@@ -865,7 +865,8 @@ strftime_msec(char *s, size_t max, const char *format,
char decimals[4];
char *p;
- sprintf(decimals, "%03d", tm->msec);
+ int msec = tm->msec > 999 ? 999 : (tm->msec < 0 ? 0 : tm->msec);
+ sprintf(decimals, "%03d", msec);
for (p = strchr(s, '#'); p; p = strchr(p, '#')) {
char *d = decimals;
while (*p == '#') {
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
