Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-63205

Wrong parsing of leap seconds from timezone tzfiles

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3: Somewhat important
    • Resolution: Done
    • Affects Version/s: 5.2.0
    • Fix Version/s: 5.9.2
    • Component/s: Core: Other
    • Labels:
      None

      Description

      While browsing through the source code of QT I noticed that at parsing of the leap seconds from Linux timezone files (tzfile) can create a very bad unexpected behaviour.

      In
      http://code.qt.io/cgit/qt/qtbase.git/tree/src/corelib/tools/qtimezoneprivate_tz.cpp?h=dev#n275

      the variable "qint64 val" is supposed to be a "qint32 val". Extracting 64 bits of information instead of 32 for each leap second will compromise all following data of the data stream and therefore generate false timezone information, or crash the program.

      Currently there are, as far as I know, no leap seconds encoded in any tzfiles so currently we were lucky here, but mishandling these leap seconds can be problematic in future.

      A reference for the tzfile format:
      http://man7.org/linux/man-pages/man5/tzfile.5.html

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            Assignee:
            thiago Thiago Macieira
            Reporter:
            etc_mbaumgartner Maximilian Baumgartner
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes