On Fri, Jul 12, 2024 at 11:51:06AM +0200, Richard Weinberger wrote:
Am Freitag, 12. Juli 2024, 11:46:08 CEST schrieb 'Heinrich Schuchardt' via upstream:
Am 12. Juli 2024 10:24:54 MESZ schrieb Richard Weinberger richard@nod.at:
Make sure that tm_mday and tm_mon are within the expected range. Upper layers such as rtc_calc_weekday() will use them as lookup keys for arrays and this can cause out of bounds memory accesses.
rtc_calc_weekday() might receive invalid input from other sources. Shouldn't the function always validate its input before array access?
It depends on the overall design. Functions like strlen() also assume that you provide a valid string, so rtc_calc_weekday() can assume too that the passed rtc_time structure contains valid data.
In doubt, let's fix both FAT and rtc_calc_weekday().
Well, we care about size growth when at all possible. So what if we don't sanity check in each FS, but just in rtc_calc_weekday() and make sure callers handle errors?