[libcxx-commits] [libcxx] [libc++][chrono] Loads leap-seconds.list in tzdb. (PR #82113)
via libcxx-commits
libcxx-commits at lists.llvm.org
Tue Mar 26 15:54:19 PDT 2024
================
@@ -622,6 +623,36 @@ static void __parse_tzdata(tzdb& __db, __tz::__rules_storage_type& __rules, istr
}
}
+static void __parse_leap_seconds(vector<leap_second>& __leap_seconds, istream&& __input) {
+ // The file stores dates since 1 January 1900, 00:00:00, we want
+ // seconds since 1 January 1970.
+ constexpr auto __offset = sys_days{1970y / January / 1} - sys_days{1900y / January / 1};
+
----------------
EricWF wrote:
Have you considered the security implications of parsing untrusted text files?
An attacker with the ability to write to the TZDB files could potentially exploit our tzdb parser.
I think we need to consider the parsing code an attack surface, and harden against it. That probably means writing fuzz tests in addition to a thorough set of regular tests.
Thoughts?
https://github.com/llvm/llvm-project/pull/82113
More information about the libcxx-commits
mailing list