FormatMagickTime not safe

Posted: 2008-12-14T14:14:40-07:00
by mootools
Hello,

The FormatMagickTime (string.c) function is not safe and some crashes might occur in it, particularly if the provided time is not correct. It occurs on some of my files. Here is the current code:

  local_time=(*localtime(&time)); // Not secure because localtime can return NULL if time is invalid.
  utc_time=(*gmtime(&time)); // same for gmtime

This would be better like this:

  struct tm
    local_time,
    utc_time, *tmptime;

  strcpy(timestamp, "");

  tmptime=localtime(&time);
  if (!tmptime)
     return 0;
  local_time = *tmptime;

  tmptime=gmtime(&time);
  if (!tmptime)
     return 0;
  utc_time = *tmptime;
  ...

What do you think of this suggestion?

Manuel

Re: FormatMagickTime not safe

Posted: 2008-12-14T14:25:12-07:00
by magick
We have applied your patch to ImageMagick 6.4.7-8, available sometime tomorrow. Thanks.

Re: FormatMagickTime not safe

Posted: 2008-12-14T14:38:48-07:00
by mootools
Thanks.

I made a correction on the above code. The correct code is:

  tmptime=localtime(&time);
  ...
  tmptime=gmtime(&time);
  ...

and not (the first version I posted, which was wrong):

  tmptime=(*localtime)(&time);
  ...
  tmptime=(*gmtime)(&time);
  ...

Sorry for the mistake.

Manuel
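
The NULL check discussed in this thread, as a self-contained added example (not part of the original posts and not ImageMagick's code). `format_time_checked` is a hypothetical helper; the timestamp layout, the truncation handling and the sample values in `main` are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Hypothetical helper, not ImageMagick's FormatMagickTime. Writes
   "YYYY-MM-DDTHH:MM:SS+HH:MM"; returns its length, or 0 and "" on failure. */
size_t format_time_checked(time_t t, size_t length, char *timestamp)
{
  struct tm local_time, utc_time, *tmp;
  long days, offset;
  int n;
  if (timestamp == NULL || length == 0)
    return 0;
  timestamp[0] = '\0';
  /* Both calls return NULL when t does not fit in struct tm: check first,
     then copy, since the result points at shared static storage. */
  if ((tmp = localtime(&t)) == NULL)
    return 0;
  local_time = *tmp;
  if ((tmp = gmtime(&t)) == NULL)
    return 0;
  utc_time = *tmp;
  /* UTC offset in minutes; the two calendar dates differ by at most a day. */
  days = local_time.tm_yday - utc_time.tm_yday;
  if (local_time.tm_year != utc_time.tm_year)
    days = (local_time.tm_year > utc_time.tm_year) ? 1 : -1;
  offset = days * 1440L + (local_time.tm_hour - utc_time.tm_hour) * 60L +
           (local_time.tm_min - utc_time.tm_min);
  n = snprintf(timestamp, length, "%04d-%02d-%02dT%02d:%02d:%02d%c%02ld:%02ld",
               local_time.tm_year + 1900, local_time.tm_mon + 1,
               local_time.tm_mday, local_time.tm_hour, local_time.tm_min,
               local_time.tm_sec, offset < 0 ? '-' : '+',
               labs(offset) / 60, labs(offset) % 60);
  if (n < 0 || (size_t)n >= length) {
    timestamp[0] = '\0'; /* treat truncated output as failure */
    return 0;
  }
  return (size_t)n;
}

int main(void)
{
  /* Constructed inputs: the epoch, and a value whose year overflows tm_year. */
  time_t samples[] = { (time_t)0, (time_t)INT64_MAX };
  char buf[64];
  for (int i = 0; i < 2; i++)
    printf("%zu \"%s\"\n", format_time_checked(samples[i], sizeof buf, buf), buf);
  return 0;
}
```

On platforms with a 64-bit `time_t`, the second sample makes `localtime` return NULL, which is the case the unchecked dereference crashed on.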