FormatMagickTime not safe

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
mootools
Posts: 19
Joined: 2005-06-30T06:08:40-07:00
Location: France

FormatMagickTime not safe

Post by mootools » 2008-12-14T14:14:40-07:00

Hello,

The FormatMagickTime (string.c) function is not safe and some crashes might occurs on it, particularly if the provided time is not correct. It occurs on some of my files. Here is the current code:

Code: Select all

  local_time=(*localtime(&time)); // Not secure because localtime can return NULL if time is invalid.
  utc_time=(*gmtime(&time)); // idem
This would be better like this:

Code: Select all

  struct tm
    local_time,
    utc_time, *tmptime;

  strcpy(timestamp, "");

  tmptime=localtime(&time);
  if (!tmptime)
     return 0;
  local_time = *tmptime ;

  tmptime=gmtime(&time); 
  if (!tmptime)
     return 0;
  utc_time = *tmptime ;
  ...
What do you think of this suggestion ?

Manuel
Last edited by mootools on 2008-12-14T14:36:33-07:00, edited 1 time in total.
Manuel Jouglet
Mootools

User avatar
magick
Site Admin
Posts: 11040
Joined: 2003-05-31T11:32:55-07:00

Re: FormatMagickTime not safe

Post by magick » 2008-12-14T14:25:12-07:00

We have applied your patch to ImageMagick 6.4.7-8 available sometime tomorrow. Thanks.

mootools
Posts: 19
Joined: 2005-06-30T06:08:40-07:00
Location: France

Re: FormatMagickTime not safe

Post by mootools » 2008-12-14T14:38:48-07:00

Thanks.

I made a correction on the above code. The correct code is:

Code: Select all

  tmptime=localtime(&time);
  ...
  tmptime=gmtime(&time);
  ...
and not (the first version I post, which was wrong)

Code: Select all

  tmptime=(*localtime)(&time);
  ...
  tmptime=(*gmtime)(&time);
  ...
Sorry for the mistake.

Manuel
Manuel Jouglet
Mootools

Post Reply