[PATCH 1/2] test: add known broken test with timestamp beyond 2038

classic Classic list List threaded Threaded
4 messages Options
Peter Wang-2 Peter Wang-2
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/2] test: add known broken test with timestamp beyond 2038

---
 test/T160-json.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/test/T160-json.sh b/test/T160-json.sh
index 004adb4e..ec1b5adb 100755
--- a/test/T160-json.sh
+++ b/test/T160-json.sh
@@ -64,6 +64,21 @@ test_expect_equal_json "$output" "[{\"thread\": \"XXX\",
  \"tags\": [\"inbox\",
  \"unread\"]}]"
 
+test_begin_subtest "Search message: json, 64-bit timestamp"
+test_subtest_known_broken
+add_message "[subject]=\"json-search-64bit-timestamp-subject\"" "[date]=\"Tue, 01 Jan 2999 12:00:00 -0000\"" "[body]=\"json-search-64bit-timestamp-message\""
+output=$(notmuch search --format=json "json-search-64bit-timestamp-message" | notmuch_search_sanitize)
+test_expect_equal_json "$output" "[{\"thread\": \"XXX\",
+ \"timestamp\": 32472187200,
+ \"date_relative\": \"the future\",
+ \"matched\": 1,
+ \"total\": 1,
+ \"authors\": \"Notmuch Test Suite\",
+ \"subject\": \"json-search-64bit-timestamp-subject\",
+ \"query\": [\"id:$gen_msg_id\", null],
+ \"tags\": [\"inbox\",
+ \"unread\"]}]"
+
 test_begin_subtest "Format version: too low"
 test_expect_code 20 "notmuch search --format-version=0 \\*"
 
--
2.25.0

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Peter Wang-2 Peter Wang-2
Reply | Threaded
Open this post in threaded view
|

[PATCH 2/2] sprinter: change integer method to use int64_t

In particular, timestamps beyond 2038 could overflow the sprinter
interface on systems where time_t is 64-bit but 'int' is a signed 32-bit
integer type.
---
 sprinter-json.c   | 5 +++--
 sprinter-sexp.c   | 5 +++--
 sprinter-text.c   | 5 +++--
 sprinter.h        | 2 +-
 test/T160-json.sh | 1 -
 5 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/sprinter-json.c b/sprinter-json.c
index c6ec8577..273bdeca 100644
--- a/sprinter-json.c
+++ b/sprinter-json.c
@@ -1,3 +1,4 @@
+#include <inttypes.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <talloc.h>
@@ -124,11 +125,11 @@ json_string (struct sprinter *sp, const char *val)
 }
 
 static void
-json_integer (struct sprinter *sp, int val)
+json_integer (struct sprinter *sp, int64_t val)
 {
     struct sprinter_json *spj = json_begin_value (sp);
 
-    fprintf (spj->stream, "%d", val);
+    fprintf (spj->stream, "%"PRId64, val);
 }
 
 static void
diff --git a/sprinter-sexp.c b/sprinter-sexp.c
index 6891ea42..35c007d5 100644
--- a/sprinter-sexp.c
+++ b/sprinter-sexp.c
@@ -18,6 +18,7 @@
  * Author: Peter Feigl <[hidden email]>
  */
 
+#include <inttypes.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <talloc.h>
@@ -161,11 +162,11 @@ sexp_keyword (struct sprinter *sp, const char *val)
 }
 
 static void
-sexp_integer (struct sprinter *sp, int val)
+sexp_integer (struct sprinter *sp, int64_t val)
 {
     struct sprinter_sexp *sps = sexp_begin_value (sp);
 
-    fprintf (sps->stream, "%d", val);
+    fprintf (sps->stream, "%"PRId64, val);
 }
 
 static void
diff --git a/sprinter-text.c b/sprinter-text.c
index 648b54b1..7b68f98c 100644
--- a/sprinter-text.c
+++ b/sprinter-text.c
@@ -1,3 +1,4 @@
+#include <inttypes.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <talloc.h>
@@ -44,11 +45,11 @@ text_string (struct sprinter *sp, const char *val)
 }
 
 static void
-text_integer (struct sprinter *sp, int val)
+text_integer (struct sprinter *sp, int64_t val)
 {
     struct sprinter_text *sptxt = (struct sprinter_text *) sp;
 
-    fprintf (sptxt->stream, "%d", val);
+    fprintf (sptxt->stream, "%"PRId64, val);
 }
 
 static void
diff --git a/sprinter.h b/sprinter.h
index 182b1a8b..528d8a2d 100644
--- a/sprinter.h
+++ b/sprinter.h
@@ -33,7 +33,7 @@ typedef struct sprinter {
      */
     void (*string)(struct sprinter *, const char *);
     void (*string_len)(struct sprinter *, const char *, size_t);
-    void (*integer)(struct sprinter *, int);
+    void (*integer)(struct sprinter *, int64_t);
     void (*boolean)(struct sprinter *, bool);
     void (*null)(struct sprinter *);
 
diff --git a/test/T160-json.sh b/test/T160-json.sh
index ec1b5adb..d975efa7 100755
--- a/test/T160-json.sh
+++ b/test/T160-json.sh
@@ -65,7 +65,6 @@ test_expect_equal_json "$output" "[{\"thread\": \"XXX\",
  \"unread\"]}]"
 
 test_begin_subtest "Search message: json, 64-bit timestamp"
-test_subtest_known_broken
 add_message "[subject]=\"json-search-64bit-timestamp-subject\"" "[date]=\"Tue, 01 Jan 2999 12:00:00 -0000\"" "[body]=\"json-search-64bit-timestamp-message\""
 output=$(notmuch search --format=json "json-search-64bit-timestamp-message" | notmuch_search_sanitize)
 test_expect_equal_json "$output" "[{\"thread\": \"XXX\",
--
2.25.0

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
David Bremner-2 David Bremner-2
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/2] sprinter: change integer method to use int64_t

Peter Wang <[hidden email]> writes:

> In particular, timestamps beyond 2038 could overflow the sprinter
> interface on systems where time_t is 64-bit but 'int' is a signed 32-bit
> integer type.

Series pushed to master.

d
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Daniel Kahn Gillmor Daniel Kahn Gillmor
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH 2/2] sprinter: change integer method to use int64_t

On Thu 2020-02-13 19:13:51 -0400, David Bremner wrote:
> Peter Wang <[hidden email]> writes:
>
>> In particular, timestamps beyond 2038 could overflow the sprinter
>> interface on systems where time_t is 64-bit but 'int' is a signed 32-bit
>> integer type.
>
> Series pushed to master.

I'm a bit slow following up on this, but just wanted to say thanks to
Peter for his fix here.  This kind of additional robustness is
definitely appreciated, even well before Y2038.  And especially in the
face of malicious input, which is basically the only thing that notmuch
deals with!

       --dkg

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (233 bytes) Download Attachment