This patch series fixes some bugs involving integer overflow in leap second calculations at runtime. The main problem is with the optional time2posix and posix2time functions; without the patches the functions can crash or loop indefinitely or return completely-wrong answers. With these patches the functions have new, documented behavior: they return (time_t) -1 and set errno to EOVERFLOW when the result is not representable, instead of behaving badly in tricky situations.
Given the problems I've been seeing with the leap second runtime code, and given the worry that similar problems remain, and given that the leap second runtime code is rarely used in practice, I'm thinking it may be a good idea to add a compile-time option to disable localtime.c's support for leap seconds. Using the option would shrink the attack surface on tzcode.

Paul Eggert (3):
  Fix theoretical -2**31 leapcorr bug
  Improve time2posix man page
  Fix overflow bugs in time2posix and posix2time

 NEWS         |  13 ++++-
 localtime.c  |  90 +++++++++++++++++++++-------------
 time2posix.3 | 134 ++++++++++++++++++++++++++++++++++-----------------
 3 files changed, 156 insertions(+), 81 deletions(-)

--
2.51.0
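
The return convention described in the cover letter above, as an added C example that is not code from the patch series or from tzcode. Assumptions: int64_t stands in for time_t, the leap table is keyed by POSIX count (a simplification), and struct leap_entry, add_checked, posix_to_leap_count and convert are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical leap table entry (not tzcode's own struct): for POSIX
   counts >= trans, corr leap seconds have accumulated. */
struct leap_entry { int64_t trans; int32_t corr; };

/* Constructed sample table: the two leap seconds inserted in 1972. */
static const struct leap_entry sample_leaps[] = {
    { 78796800, 1 },   /* 1972-07-01 00:00:00 UTC */
    { 94694400, 2 },   /* 1973-01-01 00:00:00 UTC */
};
#define SAMPLE_NLEAPS (sizeof sample_leaps / sizeof sample_leaps[0])

/* Store a + b in *out and return 0, or return -1 if the sum would
   overflow.  The range test never evaluates an overflowing expression. */
static int add_checked(int64_t a, int64_t b, int64_t *out)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

/* Add the accumulated leap correction to t.  When the result is not
   representable, return -1 and set errno to EOVERFLOW. */
int64_t posix_to_leap_count(int64_t t, const struct leap_entry *tab, size_t n)
{
    int64_t corr = 0, result;
    for (size_t i = 0; i < n && tab[i].trans <= t; i++)
        corr = tab[i].corr;        /* bounded scan: cannot loop forever */
    if (add_checked(t, corr, &result) != 0) {
        errno = EOVERFLOW;
        return -1;
    }
    return result;
}

/* Caller side: -1 is itself a valid count, so clear errno first and
   treat the call as failed only when errno is EOVERFLOW afterwards. */
int convert(int64_t t, int64_t *out)
{
    errno = 0;
    *out = posix_to_leap_count(t, sample_leaps, SAMPLE_NLEAPS);
    return (*out == -1 && errno == EOVERFLOW) ? -1 : 0;
}
```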
