From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 19 Aug 2025 00:14:13 +0000 (-0700)
Subject: Avoid overrun when converting ns-resolution timestamps to text
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca02de4050357850a94f9208f81e00f15d105182;p=thirdparty%2Ftar.git

Avoid overrun when converting ns-resolution timestamps to text

Caught by gcc -fsanitize=address.
Inspired by Matthias Andree’s bug report in:
https://lists.gnu.org/r/bug-tar/2025-08/msg00019.html
though I found this bug via a simple "make check"
with sanitization enabled.
* src/common.h (TIMESPEC_STRSIZE_BOUND):
Make room for leading '-', needed in addition to the '-' room
supplied by SYSINT_BUFSIZE due to the way code_timespec works.
---

diff --git a/src/common.h b/src/common.h
index 24c53cc4..b9d2ae48 100644
--- a/src/common.h
+++ b/src/common.h
@@ -715,7 +715,7 @@ char *timetostr (time_t, char buf[SYSINT_BUFSIZE]);
 void code_ns_fraction (int ns, char *p);
 enum { BILLION = 1000000000, LOG10_BILLION = 9 };
 enum { TIMESPEC_STRSIZE_BOUND =
-         SYSINT_BUFSIZE + LOG10_BILLION + sizeof "." - 1 };
+         sizeof "-." - 1 + SYSINT_BUFSIZE + LOG10_BILLION };
 char const *code_timespec (struct timespec ts,
 			   char tsbuf[TIMESPEC_STRSIZE_BOUND]);
 struct timespec decode_timespec (char const *, char **, bool);