Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-63205

Wrong parsing of leap seconds from timezone tzfiles

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P3: Somewhat important
    • 5.9.2
    • 5.2.0
    • Core: Other
    • None

    Description

      While browsing through the source code of QT I noticed that at parsing of the leap seconds from Linux timezone files (tzfile) can create a very bad unexpected behaviour.

      In
      http://code.qt.io/cgit/qt/qtbase.git/tree/src/corelib/tools/qtimezoneprivate_tz.cpp?h=dev#n275

      the variable "qint64 val" is supposed to be a "qint32 val". Extracting 64 bits of information instead of 32 for each leap second will compromise all following data of the data stream and therefore generate false timezone information, or crash the program.

      Currently there are, as far as I know, no leap seconds encoded in any tzfiles so currently we were lucky here, but mishandling these leap seconds can be problematic in future.

      A reference for the tzfile format:
      http://man7.org/linux/man-pages/man5/tzfile.5.html

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            thiago Thiago Macieira
            etc_mbaumgartner Maximilian Baumgartner
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes