[asctime]
jacob navia said:
The behavior for out of range arguments is NOT SPECIFIED.
They didn't take the trouble of SAYING that years should
be smaller than 10000, and months/days should be smaller than 31.
The limits are easily deduced from 4.12.3.1 of C90 or 7.23.3.1 of C99. For
the buffer not to overflow:
tm_wday must be in the range 0-6.
tm_mon must be in the range 0-11.
tm_mday must be in the range 0-999(!).
tm_hour must be in the range 0-99.
tm_min must be in the range 0-99.
tm_sec must be in the range 0-99.
tm_year must be in the range 0-8099.
I don't see what's so hard. Nor will any of these limits be exceeded (for
the next few millennia, at any rate) if you pass in the address of a
struct tm that has been properly normalised by mktime. Incidentally, the
mktime spec directs you "above", to 4.12.1 (C89) or 7.23.1(4) (C99), where
more stringent limits are clearly laid out:
int tm_sec; // seconds after the minute - [0, 60]
int tm_min; // minutes after the hour - [0, 59]
int tm_hour; // hours since midnight - [0, 23]
int tm_mday; // day of the month - [1, 31]
int tm_mon; // months since January - [0, 11]
int tm_year; // years since 1900
int tm_wday; // days since Sunday - [0, 6]
int tm_yday; // days since January 1 - [0, 365]
int tm_isdst; // Daylight Saving Time flag
They presented code that crashes at the slightest bad input and
they wrote that code into the standard document.
strcpy can do the same. So can free. And fclose. And atoi. So what? When
calling standard library functions (or indeed any functions), it is the
programmer's responsibility to provide appropriate input data. C is not a
straitjacket. It's a power tool. Don't Cut Yourself.
Because it's not broken.