Submitter: Clive Feather (UK)
Submission Date: 2000-04-04
Source:
Reference Document: N/A
Version: 1.3
Date: 2001-09-18 15:51:36
Subject: asctime limits
Summary
The definition of the asctime function
involves a sprintf call writing into a buffer
of size 26. This call will have undefined behaviour if the year
being represented falls outside the range [-999, 9999]. Since
applications may have relied on the size of 26, this should not
be corrected by allowing the implementation to generate a
longer string. This is a defect because the specification is
not self-consistent and does not restrict the domain of the
argument.
Suggested Technical Corrigendum
Append to 7.23.3.1[#2]:
except that if the value of timeptr->tm_year is outside the range [-2899, 8099] (and thus the represented year will not fit into four characters) it is replaced by up to 4 implementation-defined characters.
Committee Response
From 7.1.4 paragraph 1:
If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined.Thus, asctime() may exhibit undefined behavior if any of the members of timeptr produce undefined behavior in the sample algorithm (for example, if the timeptr->tm_wday is outside the range 0 to 6 the function may index beyond the end of an array).
As always, the range of undefined behavior permitted includes:
There is no consensus to make the suggested change or any change along this line.