From: Steve Dower <steve.dower@microsoft.com>
Date: Mon, 7 Sep 2015 05:18:36 +0000 (-0700)
Subject: Issue #24917: time_strftime() buffer over-read.
X-Git-Tag: v3.5.1rc1~427^2~2^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aa2fcc6b35e92ee7a8b1396ee454a9f92936c850;p=python

Issue #24917: time_strftime() buffer over-read.
---

diff --git a/Misc/NEWS b/Misc/NEWS
index 7a3c22c483..ac0541b1ad 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -81,6 +81,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #24917: time_strftime() buffer over-read.
+
 - Issue #23144: Make sure that HTMLParser.feed() returns all the data, even
   when convert_charrefs is True.
 
diff --git a/Modules/timemodule.c b/Modules/timemodule.c
index d0917a4073..d71b3ac872 100644
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -655,6 +655,8 @@ time_strftime(PyObject *self, PyObject *args)
         outbuf != NULL;
         outbuf = wcschr(outbuf+2, '%'))
     {
+        if (outbuf[1] == L'\0')
+            break;
         /* Issue #19634: On AIX, wcsftime("y", (1899, 1, 1, 0, 0, 0, 0, 0, 0))
            returns "0/" instead of "99" */
         if (outbuf[1] == L'y' && buf.tm_year < 0) {