[libcxx-commits] [libcxx] [libc++][chrono] Loads leap-seconds.list in tzdb. (PR #82113)
via libcxx-commits
libcxx-commits at lists.llvm.org
Tue Mar 26 15:54:19 PDT 2024
https://github.com/EricWF requested changes to this pull request.
I think we should split out the interface for parsing TZDB-type strings.
I've noticed a number of complications arising from testing TZDB internals using only the public standard interface. The public interface is simply insufficient to allow proper testing and validation of the libraries internals.
I think we should split our concerns into two, They are:
1. Implement & Test the C++ Standard interface.
2. Implement a secure, platform/system agnostic TZDB parser/adapter.
The latter of the two problems is much hairier of a task. There are a number of formats, each with a number of revisions, that we need the parser to accept. And more importantly, there's an infinite number of inputs we need the parser to securely reject.
I say "securely" reject because the time zone database parser provides a potential attack vector for any attacker with some control over the bytes we read from disk.
So validation using both unit tests and fuzzing tests is essential.
We can achieve this testibility without affecting the public interface by abstracting out the parser into a separate testable unit.
The remaining tests, for conformance of the public API, would look almost identical to what we have now, except with fewer places needing to reference internal implementation details.
https://github.com/llvm/llvm-project/pull/82113
More information about the libcxx-commits
mailing list