From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 5890 invoked from network); 12 Nov 2020 03:38:28 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 12 Nov 2020 03:38:28 -0000 Received: (qmail 20188 invoked by uid 550); 12 Nov 2020 03:38:17 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 20141 invoked from network); 12 Nov 2020 03:38:15 -0000 X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu To: Bruno Haible References: <87o8k4urq2.fsf@latte.josefsson.org> <4957782.yBLirf3sRb@omega> From: Paul Eggert Autocrypt: addr=eggert@cs.ucla.edu; prefer-encrypt=mutual; keydata= mQINBEyAcmQBEADAAyH2xoTu7ppG5D3a8FMZEon74dCvc4+q1XA2J2tBy2pwaTqfhpxxdGA9 Jj50UJ3PD4bSUEgN8tLZ0san47l5XTAFLi2456ciSl5m8sKaHlGdt9XmAAtmXqeZVIYX/UFS 96fDzf4xhEmm/y7LbYEPQdUdxu47xA5KhTYp5bltF3WYDz1Ygd7gx07Auwp7iw7eNvnoDTAl KAl8KYDZzbDNCQGEbpY3efZIvPdeI+FWQN4W+kghy+P6au6PrIIhYraeua7XDdb2LS1en3Ss mE3QjqfRqI/A2ue8JMwsvXe/WK38Ezs6x74iTaqI3AFH6ilAhDqpMnd/msSESNFt76DiO1ZK QMr9amVPknjfPmJISqdhgB1DlEdw34sROf6V8mZw0xfqT6PKE46LcFefzs0kbg4GORf8vjG2 Sf1tk5eU8MBiyN/bZ03bKNjNYMpODDQQwuP84kYLkX2wBxxMAhBxwbDVZudzxDZJ1C2VXujC OJVxq2kljBM9ETYuUGqd75AW2LXrLw6+MuIsHFAYAgRr7+KcwDgBAfwhPBYX34nSSiHlmLC+ KaHLeCLF5ZI2vKm3HEeCTtlOg7xZEONgwzL+fdKo+D6SoC8RRxJKs8a3sVfI4t6CnrQzvJbB n6gxdgCu5i29J1QCYrCYvql2UyFPAK+do99/1jOXT4m2836j1wARAQABtCBQYXVsIEVnZ2Vy dCA8ZWdnZXJ0QGNzLnVjbGEuZWR1PokCVQQTAQgAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC HgECF4AWIQR+N5Kp2Kz31jO8FYjtl+kOYqp+NAUCXyW9lwUJFK4LswAKCRDtl+kOYqp+NKNV D/9HMsI1606n0UuTXHwITsyOjAI9SDOT+C3DUv6qlM5BH2nWAMTiIiyA5uglsJv93oi2vNtF f/Q/m/1cnZWgnVnExkyLI4ENSd1uBvr0/lCSdPlP0Mg6GWSpXMu+x0vdT0AaZNOTE0FnPuol dc3XD76C2qg8sX/iaxXTKHy9P+BlAq/Cs7/pxDQ0EzSn0USZ2C0l5vv4PMpA/picnS6K609J vDGaORmwZeXIZqQNZV+ZQs+UYtVoguDTqby3IUY1I8BlXHRptaj9AMn4Uoh/CqpQlVojoyWl HqaFnnJBKeF0hvJ9SAyalwuzAjG7vQW07MYncaOFm0woiKbg5JLO8F4SBTIkuO0DCf9nLAay 6VsB4rzwdEfRwjPLYAn7MR3fvHCEzfrkldTraiBO1T0ieDK80I7sLf6pMeCYI19pUlx0/NRM GCddiFIQdfthKWXGRS5LAs8jwBf8H6G5PWinPrEIaomIP21ivuhQD07bYq9IiIdeljjUdHcG I0i/B4M56Zaa8Ff38iniOlrDYCmYWR4dCWZiuQeZ3OgqeQs9a6jTvgdDGVmRVqY+jzk8PlaH fcok8ROhFcHKkcfhuBhL25hlRIshRDOEskXqKwnzrbqga3GXZXfsXAoFbzNhLdLv9A+LJAYS kXP6/5qdTpELVGosyH884VdbBpkGI04oYVqulbkCDQRMgHJkARAApoXrvxP3DIfjCNOtXU/P dwMShKdX/RlSs5PfunV1wbKP8herXHrvQdFVqECaTSxmlhzbk8X0PkY9gcVaU2O49T3qsOd1 cHeF52YFGEt0LhsBeMjgNX5uZ1V76r8gyeVlFpWWb0SIwJUBHrDXexF67upeRb2vdHBjYDNe ySn+0B7gFEqvVmZu+LadudDp6kQLjatFvHQHUSGNshBnkkcaTbiI9Pst0GCc2aiznBiPPA2W QxAPlPRh3OGTsn5THADmbjqY6FEMLasVX8DSCblMvLwNeO/8SxziBidhqLpJCqdQRWHku5Xx gIkGeKOz5OLDvXHWJyafrEYjjkS6Ak6B5z6svKliClWnjHQcjlPzyoFFgKTEfcqDxCj4RY0D 0DgtFD0NfyeOidrSB/SzTe2hwryQE3rpSiqo+0cGdzh4yAHKYJ+UrXZ4p93ZhjGfKD1xlrNY DlWyW9PGmbvqFuDmiIAQf9WD/wzEfICc+F+uDDI+uYkRxUFp92ykmdhDEFg1yjYsU8iGU69a Hyvhq36z4zctvbqhRNzOWB1bVJ/dIMDvsExGcXQVDIT7sDNXv0wE3jKSKpp7NDG1oXUXL+2+ SF99Kjy753AbQSAmH617fyBNwhJWvQYg+mUvPpiGOtses9EXUI3lS4v0MEaPG43flEs1UR+1 rpFQWVHo1y1OO+sAEQEAAYkCPAQYAQgAJgIbDBYhBH43kqnYrPfWM7wViO2X6Q5iqn40BQJf Jb2zBQkUrgvPAAoJEO2X6Q5iqn40cnMP/17CgUkXT9aIJriPM8wbceYrcl7+bdYEf79SlwSb bHN7R4CoIJFOlN9S/34typGVYvpgmCJDYFTBxyPO92iMXDgA4+cWHzt5T1aYO9hsKhh7vDtK +6ProZGc+08gUTXHhb97hMMQhknJlnfjpSEC9em906FU+I93T1fTGupnBa3aWcK8jM0JaBGb y2hG1S3olaDLSTtBINNBYmvuWR9MKOhhqDrlk5cwFDJLh5NrXteEY08WAzcLzG3pkrXPHkFe MQtfqk0jLdGGvGC3NCIkqYrdLhiRvGpru38C26REn5f4I0vGE3VfIXHe8TMCNmQut1NtMuUm pDIy1aLxGzuptUhnOJN//r+VjDPoi3LOySNYphqe/dMubsfUr6ohP41mKF81FuwI4amqJtrq IL2yqax3a0qlfwCxXftieqJcuekX+eCPDCKrYMXR0FYgwpG2ITZUGtrEjESlE6Dscx734HKd r5ORIocLUUKEOGeiU6DGhGFdb5Twu0Sn+u1mUPDN0M++CdMvClIE8klo4G91EOImu1Upb8xc OPQwxh1jwqSrU5QwoNmSYegQSHLpIUurFz1iQUh1vpPXzKinkWEqv4IqA1ciL+LyySuLkp7M sJpVRMbWJCNWOOSbaH4oDBJ5dHMGc35x5mosCk90PXknuFDDsYHfDo5smf9lo6YXx7N9 Organization: UCLA Computer Science Department Cc: bug-gnulib@gnu.org, Simon Josefsson , =?UTF-8?Q?P=c3=a1draig_Brady?= , musl@lists.openwall.com Message-ID: Date: Wed, 11 Nov 2020 19:38:00 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <4957782.yBLirf3sRb@omega> Content-Type: multipart/mixed; boundary="------------3F5D20780C401750329DD50C" Content-Language: en-US Subject: [musl] Re: parse-datetime test failure This is a multi-part message in MIME format. --------------3F5D20780C401750329DD50C Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit On 11/11/20 8:20 AM, Bruno Haible wrote: > It works fine on Alpine Linux 3.7 (32-bit, 64-bit) and 3.9 (64-bit). > > On Alpine Linux 3.10 and 3.12 (64-bit) it fails: > ../../gltests/test-parse-datetime.c:448: assertion 'result.tv_sec == 1 * 60 * 60 + 2 * 60 + 3 && result.tv_nsec == 123456789' failed > Aborted > > So, to me it looks like a regression between Alpine Linux 3.9 and 3.10. It's arguably a bug in the test case, since Alpine uses musl libc which does not support time zone abbreviations longer than 6 bytes, whereas the test case uses an time zone abbreviation of 2000 bytes (to test a bug in an old Gnulib version when running on GNU/Linux). POSIX does not define behavior if you go over the limit. I worked around the problem by changing the test case to not go over the limit as determined by sysconf (_SC_TZNAME_MAX), in the first attached patch. Plus I refactored and/or slightly improved the Gnulib overflow checking while I was in the neighborhood (last two attached patches). Arguably this is a quality-of-implementation issue here, since Alpine and/or musl goes beserk with long timezone abbreviations whereas every other implementation I know of either works or silently substitutes localtime or UTC (which is good enough for this test case). But I'll leave that issue to the Alpine and/or musl libc folks. I'll cc this to the musl bug reporting list. Although the Gnulib test failure has been fixed, it may be the symptom of a more-severe bug in musl. For those new to the problem, this thread starts here: https://lists.gnu.org/r/bug-gnulib/2020-11/msg00039.html --------------3F5D20780C401750329DD50C Content-Type: text/x-patch; charset=UTF-8; name="0001-parse-datetime-tests-port-to-Alpine-Linux-3.12.1.patch" Content-Disposition: attachment; filename*0="0001-parse-datetime-tests-port-to-Alpine-Linux-3.12.1.patch" Content-Transfer-Encoding: quoted-printable >From 4c9a3c65e279977af4e345748ba73ab0441dc04a Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Wed, 11 Nov 2020 19:08:27 -0800 Subject: [PATCH 1/3] parse-datetime-tests: port to Alpine Linux 3.12.1 * tests/test-parse-datetime.c: Include errno.h for errno, and unistd.h for _SC_TZNAME_MAX and sysconf. (main): In the outlandishly-long time zone abbreviation test, do not exceed TZNAME_MAX as this has undefined behavior, and on Alpine Linux 3.12.1 it makes the test fail. --- ChangeLog | 9 +++++++++ tests/test-parse-datetime.c | 16 +++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a5999557b..e1828df64 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2020-11-11 Paul Eggert + + parse-datetime-tests: port to Alpine Linux 3.12.1 + * tests/test-parse-datetime.c: Include errno.h for errno, + and unistd.h for _SC_TZNAME_MAX and sysconf. + (main): In the outlandishly-long time zone abbreviation test, + do not exceed TZNAME_MAX as this has undefined behavior, + and on Alpine Linux 3.12.1 it makes the test fail. + 2020-11-09 P=C3=A1draig Brady =20 mgetgroups: avoid warning with clang diff --git a/tests/test-parse-datetime.c b/tests/test-parse-datetime.c index 920c9ae84..187e7c703 100644 --- a/tests/test-parse-datetime.c +++ b/tests/test-parse-datetime.c @@ -20,9 +20,11 @@ =20 #include "parse-datetime.h" =20 +#include #include #include #include +#include =20 #include "macros.h" =20 @@ -435,13 +437,21 @@ main (int argc _GL_UNUSED, char **argv) /* Outlandishly-long time zone abbreviations should not cause problems= . */ { static char const bufprefix[] =3D "TZ=3D\""; - enum { tzname_len =3D 2000 }; + long int tzname_max =3D -1; + errno =3D 0; +#ifdef _SC_TZNAME_MAX + tzname_max =3D sysconf (_SC_TZNAME_MAX); +#endif + enum { tzname_alloc =3D 2000 }; + if (tzname_max < 0) + tzname_max =3D errno ? 6 : tzname_alloc; + int tzname_len =3D tzname_alloc < tzname_max ? tzname_alloc : tzname= _max; static char const bufsuffix[] =3D "0\" 1970-01-01 01:02:03.123456789= "; - enum { bufsize =3D sizeof bufprefix - 1 + tzname_len + sizeof bufsuf= fix }; + enum { bufsize =3D sizeof bufprefix - 1 + tzname_alloc + sizeof bufs= uffix }; char buf[bufsize]; memcpy (buf, bufprefix, sizeof bufprefix - 1); memset (buf + sizeof bufprefix - 1, 'X', tzname_len); - strcpy (buf + bufsize - sizeof bufsuffix, bufsuffix); + strcpy (buf + sizeof bufprefix - 1 + tzname_len, bufsuffix); ASSERT (parse_datetime (&result, buf, &now)); LOG (buf, now, result); ASSERT (result.tv_sec =3D=3D 1 * 60 * 60 + 2 * 60 + 3 --=20 2.25.1 --------------3F5D20780C401750329DD50C Content-Type: text/x-patch; charset=UTF-8; name="0002-parse-datetime-streamline-overflow-checking.patch" Content-Disposition: attachment; filename="0002-parse-datetime-streamline-overflow-checking.patch" Content-Transfer-Encoding: quoted-printable >From 00ffb79c529942eab5c81568808bd317c753213a Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Wed, 11 Nov 2020 19:16:23 -0800 Subject: [PATCH 2/3] parse-datetime: streamline overflow checking MIME-Version: 1.0 Content-Type: text/plain; charset=3DUTF-8 Content-Transfer-Encoding: 8bit When parse-datetime.y=E2=80=99s overflow code was written, INT_ADD_WRAPV did not work for unsigned destinations, and since time_t might be unsigned that meant it did not work for time_t destinations. This limitation of INT_ADD_WRAPV has been fixed, so we can now streamline parse-datetime.y a bit. * lib/parse-datetime.y: Do not include limits.h, as LONG_MAX has not been used for a while. (yylex, parse_datetime2): Assume C99 declarations after statements. (yyles): Use INT_SUBTRACT_WRAPV instead of an explicit comparison to TYPE_MINIMUM. (parse_datetime2): No need for time_overflow now that INT_ADD_WRAPV works for unsigned results. --- ChangeLog | 14 ++++++++++++++ lib/parse-datetime.y | 41 ++++++++++++++++------------------------- 2 files changed, 30 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index e1828df64..530c9a661 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,19 @@ 2020-11-11 Paul Eggert =20 + parse-datetime: streamline overflow checking + When parse-datetime.y=E2=80=99s overflow code was written, INT_ADD_WRAP= V + did not work for unsigned destinations, and since time_t might + be unsigned that meant it did not work for time_t destinations. + This limitation of INT_ADD_WRAPV has been fixed, so we can + now streamline parse-datetime.y a bit. + * lib/parse-datetime.y: Do not include limits.h, as LONG_MAX + has not been used for a while. + (yylex, parse_datetime2): Assume C99 declarations after statements. + (yyles): Use INT_SUBTRACT_WRAPV instead of an explicit comparison + to TYPE_MINIMUM. + (parse_datetime2): No need for time_overflow now that + INT_ADD_WRAPV works for unsigned results. + parse-datetime-tests: port to Alpine Linux 3.12.1 * tests/test-parse-datetime.c: Include errno.h for errno, and unistd.h for _SC_TZNAME_MAX and sysconf. diff --git a/lib/parse-datetime.y b/lib/parse-datetime.y index 0c6246742..44ae90350 100644 --- a/lib/parse-datetime.y +++ b/lib/parse-datetime.y @@ -27,7 +27,7 @@ Modified by Paul Eggert in 1999 to do the right thing about local DST. Also modified by Paul Eggert in 2004 to support nanosecond-resolution - timestamps, in 2004 to support TZ strings in dates, and in 2017 to + timestamps, in 2004 to support TZ strings in dates, and in 2017 and 2= 020 to check for integer overflow and to support longer-than-'long' 'time_t' and 'tv_nsec'. */ =20 @@ -63,7 +63,6 @@ =20 #include #include -#include #include #include #include @@ -1410,13 +1409,12 @@ yylex (union YYSTYPE *lvalp, parser_control *pc) =20 if (c_isdigit (c) || c =3D=3D '-' || c =3D=3D '+') { - char const *p; + char const *p =3D pc->input; int sign; - intmax_t value =3D 0; if (c =3D=3D '-' || c =3D=3D '+') { sign =3D c =3D=3D '-' ? -1 : 1; - while (c =3D *++pc->input, c_isspace (c)) + while (c =3D *(pc->input =3D ++p), c_isspace (c)) continue; if (! c_isdigit (c)) /* skip the '-' sign */ @@ -1424,8 +1422,8 @@ yylex (union YYSTYPE *lvalp, parser_control *pc) } else sign =3D 0; - p =3D pc->input; =20 + time_t value =3D 0; do { if (INT_MULTIPLY_WRAPV (value, 10, &value)) @@ -1438,17 +1436,12 @@ yylex (union YYSTYPE *lvalp, parser_control *pc) =20 if ((c =3D=3D '.' || c =3D=3D ',') && c_isdigit (p[1])) { - time_t s; - int ns; + time_t s =3D value; int digits; =20 - if (time_overflow (value)) - return '?'; - s =3D value; - /* Accumulate fraction, to ns precision. */ p++; - ns =3D *p++ - '0'; + int ns =3D *p++ - '0'; for (digits =3D 2; digits <=3D LOG10_BILLION; digits++) { ns *=3D 10; @@ -1472,9 +1465,8 @@ yylex (union YYSTYPE *lvalp, parser_control *pc) negative. */ if (sign < 0 && ns) { - if (s =3D=3D TYPE_MINIMUM (time_t)) + if (INT_SUBTRACT_WRAPV (s, 1, &s)) return '?'; - s--; ns =3D BILLION - ns; } =20 @@ -1857,11 +1849,9 @@ parse_datetime2 (struct timespec *result, char con= st *p, int quarter; for (quarter =3D 1; quarter <=3D 3; quarter++) { - intmax_t iprobe; - if (INT_ADD_WRAPV (Start, quarter * (90 * 24 * 60 * 60), &iprobe= ) - || time_overflow (iprobe)) + time_t probe; + if (INT_ADD_WRAPV (Start, quarter * (90 * 24 * 60 * 60), &probe)= ) break; - time_t probe =3D iprobe; struct tm probe_tm; if (localtime_rz (tz, &probe, &probe_tm) && probe_tm.tm_zone && probe_tm.tm_isdst !=3D pc.local_time_zone_table[0].value) @@ -2237,7 +2227,6 @@ parse_datetime2 (struct timespec *result, char cons= t *p, so this block must follow others that clobber Start. */ if (pc.zones_seen) { - intmax_t delta =3D pc.time_zone, t1; bool overflow =3D false; #ifdef HAVE_TM_GMTOFF long int utcoff =3D tm.tm_gmtoff; @@ -2248,9 +2237,11 @@ parse_datetime2 (struct timespec *result, char con= st *p, ? tm_diff (&tm, &gmt) : (overflow =3D true, 0)); #endif - overflow |=3D INT_SUBTRACT_WRAPV (delta, utcoff, &delta); + intmax_t delta; + overflow |=3D INT_SUBTRACT_WRAPV (pc.time_zone, utcoff, &delta= ); + time_t t1; overflow |=3D INT_SUBTRACT_WRAPV (Start, delta, &t1); - if (overflow || time_overflow (t1)) + if (overflow) { if (pc.parse_datetime_debug) dbg_printf (_("error: timezone %d caused time_t overflow= \n"), @@ -2281,14 +2272,14 @@ parse_datetime2 (struct timespec *result, char co= nst *p, intmax_t sum_ns =3D orig_ns + pc.rel.ns; int normalized_ns =3D (sum_ns % BILLION + BILLION) % BILLION; int d4 =3D (sum_ns - normalized_ns) / BILLION; - intmax_t d1, t1, d2, t2, t3, t4; + intmax_t d1, t1, d2, t2, t3; + time_t t4; if (INT_MULTIPLY_WRAPV (pc.rel.hour, 60 * 60, &d1) || INT_ADD_WRAPV (Start, d1, &t1) || INT_MULTIPLY_WRAPV (pc.rel.minutes, 60, &d2) || INT_ADD_WRAPV (t1, d2, &t2) || INT_ADD_WRAPV (t2, pc.rel.seconds, &t3) - || INT_ADD_WRAPV (t3, d4, &t4) - || time_overflow (t4)) + || INT_ADD_WRAPV (t3, d4, &t4)) { if (pc.parse_datetime_debug) dbg_printf (_("error: adding relative time caused an " --=20 2.25.1 --------------3F5D20780C401750329DD50C Content-Type: text/x-patch; charset=UTF-8; name="0003-time_rz-simplify-CVE-2017-7476-fix.patch" Content-Disposition: attachment; filename="0003-time_rz-simplify-CVE-2017-7476-fix.patch" Content-Transfer-Encoding: quoted-printable >From e2739ba6310893be93d01a23cbfed8d8dfb08966 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Wed, 11 Nov 2020 19:20:42 -0800 Subject: [PATCH 3/3] time_rz: simplify CVE-2017-7476 fix * lib/time_rz.c: Do not include limits.h; I think it was included under the mistaken impression that limits.h defines SIZE_MAX. (SIZE_MAX): Remove. (save_abbr): Put string length into a ptrdiff_t variable, so that the size comparison works naturally. This fixes CVE-2017-7476 in a cleaner way. --- ChangeLog | 8 ++++++++ lib/time_rz.c | 15 ++------------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 530c9a661..fe298605e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2020-11-11 Paul Eggert =20 + time_rz: simplify CVE-2017-7476 fix + * lib/time_rz.c: Do not include limits.h; I think it was included + under the mistaken impression that limits.h defines SIZE_MAX. + (SIZE_MAX): Remove. + (save_abbr): Put string length into a ptrdiff_t variable, + so that the size comparison works naturally. This + fixes CVE-2017-7476 in a cleaner way. + parse-datetime: streamline overflow checking When parse-datetime.y=E2=80=99s overflow code was written, INT_ADD_WRAP= V did not work for unsigned destinations, and since time_t might diff --git a/lib/time_rz.c b/lib/time_rz.c index c58e6831b..a33b8078b 100644 --- a/lib/time_rz.c +++ b/lib/time_rz.c @@ -27,7 +27,6 @@ #include =20 #include -#include #include #include #include @@ -36,10 +35,6 @@ #include "flexmember.h" #include "time-internal.h" =20 -#ifndef SIZE_MAX -# define SIZE_MAX ((size_t) -1) -#endif - /* The approximate size to use for small allocation requests. This is the largest "small" request for the GNU C library malloc. */ enum { DEFAULT_MXFAST =3D 64 * sizeof (size_t) / 4 }; @@ -125,14 +120,8 @@ save_abbr (timezone_t tz, struct tm *tm) { if (! (*zone_copy || (zone_copy =3D=3D tz->abbrs && tz->tz_is_= set))) { - size_t zone_size =3D strlen (zone) + 1; - size_t zone_used =3D zone_copy - tz->abbrs; - if (SIZE_MAX - zone_used < zone_size) - { - errno =3D ENOMEM; - return false; - } - if (zone_used + zone_size < ABBR_SIZE_MIN) + ptrdiff_t zone_size =3D strlen (zone) + 1; + if (zone_size < tz->abbrs + ABBR_SIZE_MIN - zone_copy) extend_abbrs (zone_copy, zone, zone_size); else { --=20 2.25.1 --------------3F5D20780C401750329DD50C--