jacob navia said:
Of course the workaround is easy, and lcc-win will never
overflow the buffer.
Glad to hear it. So what exactly does it do with tm_year==100000?
I'm just curious.
BUT tell me, why do we have to program workarounds for the standard?
What kind of standard is this one that needs workarounds for its BUGS?
What bugs?
C99 7.1.4p1:
Each of the following statements applies unless explicitly stated
otherwise in the detailed descriptions that follow: If an argument
to a function has an invalid value (such as a value outside the
domain of the function, or a pointer outside the address space of
the program, or a null pointer, or a pointer to non-modifiable
storage when the corresponding parameter is not const-qualified)
or a type (after promotion) not expected by a function with
variable number of arguments, the behavior is undefined.
C99 7.23.1p4:
The range and precision of times representable in clock_t and
time_t are implementation-defined. The tm structure shall contain
at least the following members, in any order. The semantics of the
members and their normal ranges are expressed in the comments.
It's not a huge leap to conclude that a value outside its "normal
range" constitute "an invalid value (such as a value outside the
domain of the function". Note that mktime() can accept values outside
their normal ranges, and this is explicitly stated. And if you
examine the sample algorithm given in the standard, it's not hard to
figure out which arguments will overflow the buffer.
asctime() is hardly the only function that exhibits undefined behavior
if you give it invalid arguments. Consider calling strlen() with a
pointer to the first element of an array that contains no '\0'
characters, or calling free() with a pointer that's already been
freed, or fwrite() with a closed file.
I agree that the limitations on asctime() should have been stated more
clearly in the standard, but on the other hand the standard is not a
tutorial. All the information is there; you just have to put it
together. I would expect a good tutorial or reference work to mention
this more explicitly.
I also agree that the required implementation of asctime() should
handle any possible values of the members of *timeptr without
undefined behavior, but I just don't think it's that big a deal.
If it were up to me, it would be changed.
But, as I've asked before, have you ever seen an actual program (one
not written for the purpose of demonstrating this problem) fail
because of this?