BESUtil::get_time() has a pointer problem

Description

BESUtil::get_time() uses the strftime() function to build the time string. It declares the buffer passed to strftime() like this:

1 char buf[sizeof "YYYY-MM-DDTHH:MM:SSzone"];

Which is all well and good if the timezone abbreviation is never more than 4 characters. Unfortunately there are several timezone abbreviations with 5 characters: ACWST, ANAST, AZOST, CHADT, CHAST, CHOST, CIDST, EASST, HOVST, IRKST, KRAST, MAGST, NOVST, OMSST, PETST, ULAST, VLAST, WARST, YAKST, YEKST (No claims that this list is complete, it's just to make the point)

I think a simple fix would be to change the buffer declaration to:

1 char buf[sizeof "YYYY-MM-DDTHH:MM:SSzones"];

I made this change, but the original code is safe. strftime() takes the size of the buffer and won't overwrite its bounds = instead it returns zero if there's not enough space.

Environment

None

Status

Assignee

James Gallagher

Reporter

Nathan Potter

Labels

None

Story Points

None

Epic Link

Components

Sprint

None

Priority

Medium
Configure