[Python-bugs-list] strptime buffer overflow (PR#95)

guido@CNRI.Reston.VA.US guido@CNRI.Reston.VA.US
Tue, 5 Oct 1999 12:50:00 -0400 (EDT)


> I got a core dump with the following line, and I don't see it in the bug
> database.  I inadvertantly put a %X instead of a %Y in the format 
> string for strptime:
> 
> Python 1.5.2 (#1, Apr 18 1999, 16:03:16)  [GCC pgcc-2.91.60 19981201 (egcs-1.1.1
>  on linux2
> Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam
> >>> import time
> >>> time.strptime("Oct 28 1999", "%b %d %X")
> Segmentation fault (core dumped) 

Thanks.  This raises a ValueError when I try it on Solaris.  The C
code in the Python time module for this is very simple; unless you can 
prove otherwise, this is a bug in the C library on the Linux version
you're using.

(Note that this is one of the reasons why I was originally very
reluctant to add strptime() to the time module -- it is ill specified
and can be buggy, and it would be a lot of work to write a bulletproof
piece of code to check that the format string is valid.  But there was 
continuous pressure from strptime() fans to add it.  My advice: write
your own time parser for your own needs using regular expressions.)

--Guido van Rossum (home page: http://www.python.org/~guido/)