SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 50 Next »

time_t is specified as an "arithmetic type capable of representing times." However, how time is encoded within this arithmetic type is unspecified. Because the encoding is unspecified, there is no safe way to manually perform arithmetic on the type, and, as a result, the values should not be modified directly.

Noncompliant Code Example

This noncompliant code example attempts to execute do_work() multiple times until at least seconds_to_work has passed. However, because the encoding is not defined, there is no guarantee that adding start to seconds_to_work will result in adding seconds_to_work seconds.

int do_work(int seconds_to_work) {
  time_t start = time(NULL);

  if (start == (time_t)(-1)) {
    /* Handle error */
  }
  while (time(NULL) < start + seconds_to_work) {
    /* ... */
  }
  return 0;
}

Compliant Solution

This compliant solution uses difftime() to determine the difference between two time_t values. The difftime() function returns the number of seconds from the second parameter until the first parameter and result as a double.

int do_work(int seconds_to_work) {
  time_t start = time(NULL);
  time_t current = start;

  if (start == (time_t)(-1)) {
    /* Handle error */
  }
  while (difftime(current, start) < seconds_to_work) {
    current = time(NULL);
    if (current == (time_t)(-1)) {
       /* Handle error */
    }
    /* ... */
  }
  return 0;
}

Note that this loop may still not exit, because the range of time_t may not be able to represent two times seconds_to_work apart.

Risk Assessment

Using time_t incorrectly can lead to broken logic that can place a program in an infinite loop or cause an expected logic branch to not execute.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC05-C

low

unlikely

medium

P2

L3

Automated Detection

Compass/ROSE can detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as MSC05-CPP. Do not manipulate time_t typed values directly.

References

[[Kettlewell 02]] Section 4.1, "time_t"
[[ISO/IEC 9899:1999]] Section 7.23, "Date and time <time.h>"

      49. Miscellaneous (MSC)       MSC06-C. Be aware of compiler optimization when dealing with sensitive data

  • No labels