| author | zeertzjq <zeertzjq@outlook.com> | 2022-11-29 11:18:15 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-29 11:18:15 +0800 |
| commit | 7328c4de54ac96b39853b3f43736aff863fd209d (patch) | |
| tree | a8305c852721863b08d9cea796bf0d2611a52f8d /src/nvim/os | |
| parent | 65e8ed45de98bf93491c6740772f0a42834696ab (diff) | |
vim-patch:9.0.0733: use of strftime() is not safe (#21228)
Problem: Use of strftime() is not safe.
Solution: Check the return value of strftime(). Use a larger buffer and
correctly pass the available space. (Dominique Pellé, closes
vim/vim#11348)
https://github.com/vim/vim/commit/84d14ccdb50dc9f362066a2c83bfaf331314e5ea
Co-authored-by: Dominique Pelle <dominique.pelle@gmail.com>
Diffstat (limited to 'src/nvim/os')
| -rw-r--r-- | src/nvim/os/time.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/nvim/os/time.c b/src/nvim/os/time.c
index 7fc43d7991..360565fbc5 100644
--- a/src/nvim/os/time.c
+++ b/src/nvim/os/time.c
@@ -186,10 +186,16 @@ char *os_ctime_r(const time_t *restrict clock, char *restrict result, size_t res
 struct tm *clock_local_ptr = os_localtime_r(clock, &clock_local);
 // MSVC returns NULL for an invalid value of seconds.
 if (clock_local_ptr == NULL) {
- xstrlcpy(result, _("(Invalid)"), result_len);
+ xstrlcpy(result, _("(Invalid)"), result_len - 1);
 } else {
 // xgettext:no-c-format
- strftime(result, result_len, _("%a %b %d %H:%M:%S %Y"), clock_local_ptr);
+ if (strftime(result, result_len - 1, _("%a %b %d %H:%M:%S %Y"), clock_local_ptr) == 0) {
+ // Quoting "man strftime":
+ // > If the length of the result string (including the terminating
+ // > null byte) would exceed max bytes, then strftime() returns 0,
+ // > and the contents of the array are undefined.
+ xstrlcpy(result, _("(Invalid)"), result_len - 1);
+ }
 }
 xstrlcat(result, "\n", result_len);
 return result; |
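Review bot: The three new `result_len - 1` arguments wrap to `SIZE_MAX` if `result_len` is 0, because the parameter appears to be a `size_t` (the signature is truncated in the hunk header). In that case `strftime()` and `xstrlcpy()` would be given an effectively unbounded size for `result`. A length of 1 is also fragile: `strftime()` gets a size of 0 and returns 0, and whether the fallback `xstrlcpy(..., 0)` terminates the buffer before `xstrlcat()` reads it depends on that helper, which is not visible here. The start of `os_ctime_r` lies outside the hunk, so a guard may already exist. If it does not, I would state the precondition in the function comment, `// result_len must be at least 2: one byte for the trailing newline, one for NUL`, and enforce it before the first use with `assert(result_len >= 2);`.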