* [PATCH 1/2] test: add known broken test with timestamp beyond 2038 @ 2020-02-08 1:49 Peter Wang 2020-02-08 1:49 ` [PATCH 2/2] sprinter: change integer method to use int64_t Peter Wang 0 siblings, 1 reply; 4+ messages in thread From: Peter Wang @ 2020-02-08 1:49 UTC (permalink / raw) To: notmuch --- test/T160-json.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/test/T160-json.sh b/test/T160-json.sh index 004adb4e..ec1b5adb 100755 --- a/test/T160-json.sh +++ b/test/T160-json.sh @@ -64,6 +64,21 @@ test_expect_equal_json "$output" "[{\"thread\": \"XXX\", \"tags\": [\"inbox\", \"unread\"]}]" +test_begin_subtest "Search message: json, 64-bit timestamp" +test_subtest_known_broken +add_message "[subject]=\"json-search-64bit-timestamp-subject\"" "[date]=\"Tue, 01 Jan 2999 12:00:00 -0000\"" "[body]=\"json-search-64bit-timestamp-message\"" +output=$(notmuch search --format=json "json-search-64bit-timestamp-message" | notmuch_search_sanitize) +test_expect_equal_json "$output" "[{\"thread\": \"XXX\", + \"timestamp\": 32472187200, + \"date_relative\": \"the future\", + \"matched\": 1, + \"total\": 1, + \"authors\": \"Notmuch Test Suite\", + \"subject\": \"json-search-64bit-timestamp-subject\", + \"query\": [\"id:$gen_msg_id\", null], + \"tags\": [\"inbox\", + \"unread\"]}]" + test_begin_subtest "Format version: too low" test_expect_code 20 "notmuch search --format-version=0 \\*" -- 2.25.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] sprinter: change integer method to use int64_t 2020-02-08 1:49 [PATCH 1/2] test: add known broken test with timestamp beyond 2038 Peter Wang @ 2020-02-08 1:49 ` Peter Wang 2020-02-13 23:13 ` David Bremner 0 siblings, 1 reply; 4+ messages in thread From: Peter Wang @ 2020-02-08 1:49 UTC (permalink / raw) To: notmuch In particular, timestamps beyond 2038 could overflow the sprinter interface on systems where time_t is 64-bit but 'int' is a signed 32-bit integer type. --- sprinter-json.c | 5 +++-- sprinter-sexp.c | 5 +++-- sprinter-text.c | 5 +++-- sprinter.h | 2 +- test/T160-json.sh | 1 - 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/sprinter-json.c b/sprinter-json.c index c6ec8577..273bdeca 100644 --- a/sprinter-json.c +++ b/sprinter-json.c @@ -1,3 +1,4 @@ +#include <inttypes.h> #include <stdbool.h> #include <stdio.h> #include <talloc.h> @@ -124,11 +125,11 @@ json_string (struct sprinter *sp, const char *val) } static void -json_integer (struct sprinter *sp, int val) +json_integer (struct sprinter *sp, int64_t val) { struct sprinter_json *spj = json_begin_value (sp); - fprintf (spj->stream, "%d", val); + fprintf (spj->stream, "%"PRId64, val); } static void diff --git a/sprinter-sexp.c b/sprinter-sexp.c index 6891ea42..35c007d5 100644 --- a/sprinter-sexp.c +++ b/sprinter-sexp.c @@ -18,6 +18,7 @@ * Author: Peter Feigl <peter.feigl@gmx.at> */ +#include <inttypes.h> #include <stdbool.h> #include <stdio.h> #include <talloc.h> @@ -161,11 +162,11 @@ sexp_keyword (struct sprinter *sp, const char *val) } static void -sexp_integer (struct sprinter *sp, int val) +sexp_integer (struct sprinter *sp, int64_t val) { struct sprinter_sexp *sps = sexp_begin_value (sp); - fprintf (sps->stream, "%d", val); + fprintf (sps->stream, "%"PRId64, val); } static void diff --git a/sprinter-text.c b/sprinter-text.c index 648b54b1..7b68f98c 100644 --- a/sprinter-text.c +++ b/sprinter-text.c @@ -1,3 +1,4 @@ +#include <inttypes.h> #include <stdbool.h> #include <stdio.h> #include <talloc.h> @@ -44,11 +45,11 @@ text_string (struct sprinter *sp, const char *val) } static void -text_integer (struct sprinter *sp, int val) +text_integer (struct sprinter *sp, int64_t val) { struct sprinter_text *sptxt = (struct sprinter_text *) sp; - fprintf (sptxt->stream, "%d", val); + fprintf (sptxt->stream, "%"PRId64, val); } static void diff --git a/sprinter.h b/sprinter.h index 182b1a8b..528d8a2d 100644 --- a/sprinter.h +++ b/sprinter.h @@ -33,7 +33,7 @@ typedef struct sprinter { */ void (*string)(struct sprinter *, const char *); void (*string_len)(struct sprinter *, const char *, size_t); - void (*integer)(struct sprinter *, int); + void (*integer)(struct sprinter *, int64_t); void (*boolean)(struct sprinter *, bool); void (*null)(struct sprinter *); diff --git a/test/T160-json.sh b/test/T160-json.sh index ec1b5adb..d975efa7 100755 --- a/test/T160-json.sh +++ b/test/T160-json.sh @@ -65,7 +65,6 @@ test_expect_equal_json "$output" "[{\"thread\": \"XXX\", \"unread\"]}]" test_begin_subtest "Search message: json, 64-bit timestamp" -test_subtest_known_broken add_message "[subject]=\"json-search-64bit-timestamp-subject\"" "[date]=\"Tue, 01 Jan 2999 12:00:00 -0000\"" "[body]=\"json-search-64bit-timestamp-message\"" output=$(notmuch search --format=json "json-search-64bit-timestamp-message" | notmuch_search_sanitize) test_expect_equal_json "$output" "[{\"thread\": \"XXX\", -- 2.25.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] sprinter: change integer method to use int64_t 2020-02-08 1:49 ` [PATCH 2/2] sprinter: change integer method to use int64_t Peter Wang @ 2020-02-13 23:13 ` David Bremner 2020-02-20 17:23 ` Daniel Kahn Gillmor 0 siblings, 1 reply; 4+ messages in thread From: David Bremner @ 2020-02-13 23:13 UTC (permalink / raw) To: Peter Wang, notmuch Peter Wang <novalazy@gmail.com> writes: > In particular, timestamps beyond 2038 could overflow the sprinter > interface on systems where time_t is 64-bit but 'int' is a signed 32-bit > integer type. Series pushed to master. d ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] sprinter: change integer method to use int64_t 2020-02-13 23:13 ` David Bremner @ 2020-02-20 17:23 ` Daniel Kahn Gillmor 0 siblings, 0 replies; 4+ messages in thread From: Daniel Kahn Gillmor @ 2020-02-20 17:23 UTC (permalink / raw) To: David Bremner, Peter Wang, notmuch [-- Attachment #1: Type: text/plain, Size: 593 bytes --] On Thu 2020-02-13 19:13:51 -0400, David Bremner wrote: > Peter Wang <novalazy@gmail.com> writes: > >> In particular, timestamps beyond 2038 could overflow the sprinter >> interface on systems where time_t is 64-bit but 'int' is a signed 32-bit >> integer type. > > Series pushed to master. I'm a bit slow following up on this, but just wanted to say thanks to Peter for his fix here. This kind of additional robustness is definitely appreciated, even well before Y2038. And especially in the face of malicious input, which is basically the only thing that notmuch deals with! --dkg [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 227 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-02-20 18:56 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-02-08 1:49 [PATCH 1/2] test: add known broken test with timestamp beyond 2038 Peter Wang 2020-02-08 1:49 ` [PATCH 2/2] sprinter: change integer method to use int64_t Peter Wang 2020-02-13 23:13 ` David Bremner 2020-02-20 17:23 ` Daniel Kahn Gillmor
Code repositories for project(s) associated with this public inbox https://yhetil.org/notmuch.git/ This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).