The type, precision, and range of clock_t are implementation defined. time_t
is specified as an "arithmetic type capable of representing times" as size_t, which is the unsigned result of the sizeof
operator. However, how time is encoded within the arithmetic type is unspecified.
Non-Compliant Code Example
This code attempts to execute do_some_work()
multiple times until at least seconds_to_work
has passed. However, because the encoding is not defined, there is no guarantee that adding start
to seconds_to_work
will result adding seconds_to_work
seconds.
int do_work(int seconds_to_work) { time_t start; start = time(); if (start == (time_t)(-1)) { /* Handle error */ } while (time() < start + second_to_work) { do_some_work(); } }
Compliant Solution
This compliant solution uses difftime()
to determine the difference between two time_t
values. difftime()
returns the number of seconds from the second parameter until the first parameter and returns the result as a double
.
int do_work(int seconds_to_work) { time_t start, current; start = time(); if (start == (time_t)(-1)) { /* Handle error */ } while (time() < start + second_to_work) { current = time(); if (current == (time_t)(-1)) { /* Handle error */ } if (difftime(current, start) >= seconds_to_work) break; do_some_work(); } }
Note that this loop may still not exit, as the range of time_t
may not be able to represent two times seconds_to_work
apart.
Risk Assessment
Using time_t
incorrectly can lead to broken logic that could place a program in an infinite loop or cause an expected logic branch to not actually execute.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
MSC05-A |
1 (low) |
1 (low) |
2 (medium) |
P2 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[Kettlewell 02]] Section 4.1, "time_t"
[[ISO/IEC 9899-1999]] Section 7.23, "Date and time <time.h>"