[issue36792] [Windows] time: crash on formatting time with de_DE locale
Jeremy Kloth
report at bugs.python.org
Sat May 11 21:02:14 EDT 2019
Jeremy Kloth <jeremy.kloth+python-tracker at gmail.com> added the comment:
I have managed to setup a VM that can reproduce the error. Unfortunately, the error (heap corruption) is coming from within the UCRT. Attempting to work around that, I came across another error in the UCRT.
Due to these errors in all available UCRT versions, the only available solution is to re-implement %Z handling in Python's implementation of strftime().
@steve.dower: If you could forward the following information to the interested parties for faster response, it would be great.
Everyone else, what follows contains UCRT internal details which is of no interest to Python.
In wcsftime() [ucrt\time\wcsftime.cpp, line 1018], the call to _mbstowcs_s_l() doesn't handle the error case of EILSEQ. This error happens when the tzname (originally set by __tzset() from the Unicode name in the registry encoded to the ACP) contains an undecodable character. In the 'de_DE' case, \u00E4. _mbstowcs_s_l returns without changing `wnum` (which is 0). The 'Z' case then blindly subtracts 1 (wnum=-1) and advances the string pointer, now pointing *before* the start when the format is just L"%Z" (like Python has). Now when wcsftime() is returning it stores a '\0' at that current position thus causing a heap corruption.
Ok, no deal breaker, we can just update the _tzname array when we call setlocale(). Alas, another error :( If _tzset() is called a second time, it fails when encoding the Unicode name due to an uninitialized variable. In tzset_from_system_nolock() [ucrt\time\tzset.cpp, line 158], the function __acrt_WideCharToMultiByte() [appcrt\locale\widechartomultibyte.cpp] does not set the `lpUsedDefaultChar` flag when FALSE. This is only an issue, it seems, on subsequent calls as `used_default_char` can be non-zero prior to the call. A non-zero value there, causes the tzname to be set to the empty string even if the conversion succeeded.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36792>
_______________________________________
More information about the Python-bugs-list
mailing list