CERT-MSC33-C
Synopsis
Do not pass invalid data to the asctime() function.
Enabled by default
No
Severity/Certainty
High/High

Full description
An implementation of asctime() may assume that the values in the struct tm data are within their normal ranges and do nothing to enforce the range limits. If any of the values prints more characters than expected, the sprintf() call that asctime() uses to build the string may overflow the result array.
Coding standards
- CERT MSC33-C
  Do not pass invalid data to the asctime() function
Code examples
The following code example fails the check and will give a warning:
#include <time.h>
void func(struct tm *time_tm) {
    /* time_tm is passed to asctime() without any range validation */
    char *time = asctime(time_tm);
}
The following code example passes the check and will not give a warning about this issue:
#include <time.h>
enum { maxsize = 26 };
void func(struct tm *time) {
    char s[maxsize];
    /* Current time representation for locale */
    const char *format = "%c";
    /* strftime() writes at most maxsize bytes into s;
       size is 0 if the result did not fit */
    size_t size = strftime(s, maxsize, format, time);
}
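The following is an added example, not part of the original rule text: a wrapper that rejects out-of-range struct tm data before formatting and treats a strftime() return value of 0 as a failure. The names tm_in_range, format_tm_checked and sample_tm are hypothetical, the year limit 1000..9999 follows the range the C standard gives for asctime(), and a fixed format is used instead of "%c" so that the output does not depend on the locale.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Returns 1 when every field is inside the range the C standard documents
   for struct tm and the year prints as four digits (1000..9999). */
static int tm_in_range(const struct tm *t) {
    return t != NULL
        && t->tm_sec  >= 0 && t->tm_sec  <= 60   /* 60 allows a leap second */
        && t->tm_min  >= 0 && t->tm_min  <= 59
        && t->tm_hour >= 0 && t->tm_hour <= 23
        && t->tm_mday >= 1 && t->tm_mday <= 31
        && t->tm_mon  >= 0 && t->tm_mon  <= 11
        && t->tm_wday >= 0 && t->tm_wday <= 6
        && t->tm_yday >= 0 && t->tm_yday <= 365
        && t->tm_year >= -900 && t->tm_year <= 8099;  /* year = 1900 + tm_year */
}

/* Hypothetical wrapper: validate first, then format with a bounded strftime().
   Returns 0 on success, -1 if the data is invalid or does not fit in out. */
int format_tm_checked(const struct tm *t, char *out, size_t outsz) {
    if (out == NULL || outsz == 0) return -1;
    out[0] = '\0';                       /* never leave stale data on failure */
    if (!tm_in_range(t)) return -1;
    /* strftime() returns 0 when the result plus its NUL exceeds outsz */
    return strftime(out, outsz, "%a %b %d %H:%M:%S %Y", t) == 0 ? -1 : 0;
}

/* Constructed sample value: Sunday 16 September 1973, 01:03:52 */
struct tm sample_tm(void) {
    struct tm t = {0};
    t.tm_sec = 52; t.tm_min = 3; t.tm_hour = 1;
    t.tm_mday = 16; t.tm_mon = 8; t.tm_year = 73;
    t.tm_wday = 0; t.tm_yday = 258;
    return t;
}

int main(void) {
    char buf[26];
    struct tm t = sample_tm();
    printf("%d %s\n", format_tm_checked(&t, buf, sizeof buf), buf);
    t.tm_year = 123456;   /* year would need more than four digits */
    printf("%d\n", format_tm_checked(&t, buf, sizeof buf));
    return 0;
}
```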