Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-63205

Wrong parsing of leap seconds from timezone tzfiles

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3: Somewhat important
    • Resolution: Done
    • Affects Version/s: 5.2.0
    • Fix Version/s: 5.9.2
    • Component/s: Core: Other
    • Labels:
      None

      Description

      While browsing through the source code of QT I noticed that at parsing of the leap seconds from Linux timezone files (tzfile) can create a very bad unexpected behaviour.

      In
      http://code.qt.io/cgit/qt/qtbase.git/tree/src/corelib/tools/qtimezoneprivate_tz.cpp?h=dev#n275

      the variable "qint64 val" is supposed to be a "qint32 val". Extracting 64 bits of information instead of 32 for each leap second will compromise all following data of the data stream and therefore generate false timezone information, or crash the program.

      Currently there are, as far as I know, no leap seconds encoded in any tzfiles so currently we were lucky here, but mishandling these leap seconds can be problematic in future.

      A reference for the tzfile format:
      http://man7.org/linux/man-pages/man5/tzfile.5.html

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              thiago Thiago Macieira
              Reporter:
              etc_mbaumgartner Maximilian Baumgartner
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes