log: Check that the timestamp string is non-empty to avoid undefined behavior #27317

pull john-moffett wants to merge 1 commits into bitcoin:master from john-moffett:2023_04_FixTimestampPotentialUB changing 1 files +1 −1
  1. john-moffett commented at 7:20 PM on March 23, 2023: contributor

    Follow-up to #27233

    The current FormatISO8601DateTime function will return an empty string if it encounters an error when converting the int64_t seconds-since-epoch to a formatted date time. In the unlikely case that happens, here strStamped.pop_back() would be undefined behavior.

  2. DrahtBot commented at 7:20 PM on March 23, 2023: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK stickies-v, MarcoFalke

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  3. DrahtBot added the label Utils/log/libs on Mar 23, 2023
  4. Check that the Timestamp String is valid
    The current `FormatISO8601DateTime` function will
return an empty string if it encounters an error
when converting the `int64_t` seconds since epoch
to a formatted date time. In the unlikely case that happens,
`strStamped.pop_back()` would be undefined behavior.
    73f4eb511c
  5. in src/logging.cpp:356 in e68230a98e outdated 
     351 | @@ -352,9 +352,13 @@ std::string BCLog::Logger::LogTimestampStr(const std::string& str)
 352 |          const auto now{SystemClock::now()};
 353 |          const auto now_seconds{std::chrono::time_point_cast<std::chrono::seconds>(now)};
 354 |          strStamped = FormatISO8601DateTime(TicksSinceEpoch<std::chrono::seconds>(now_seconds));
 355 | -        if (m_log_time_micros) {
 356 | -            strStamped.pop_back();
 357 | -            strStamped += strprintf(".%06dZ", Ticks<std::chrono::microseconds>(now - now_seconds));
 358 | +        if (strStamped.empty()) {
 359 | +            strStamped = "Error obtaining current timestamp";
    maflcko commented at 7:24 PM on March 23, 2023:

    This should never happen, so instead of adding dead code, what about simply combining the two if conditions?

    john-moffett commented at 7:42 PM on March 23, 2023:

    My thinking was that if it never happens, then this PR is unnecessary. If it could happen, then I'd rather have an explicit message rather than output that entirely lacks timestamps, which someone may not notice is bizarre.

    Happy to change it, though, if people prefer your approach.

    jonatack commented at 7:54 PM on March 23, 2023:

    Assuming it can happen, maybe wrap the message in, say, square brackets ("[Error obtaining current timestamp]") to be clearer in the log.

    john-moffett commented at 8:00 PM on March 23, 2023:

    I think I've already come around to the view that it's so unlikely as to be not worth the additional LoC, so I'll switch to the simpler version.

    Thanks!

    martinus commented at 4:04 PM on March 26, 2023:

    I've seen this happening to computers before, but never when bitcoind was running. Usually that happens when time synchronization goes wrong for whatever reason.

    maflcko commented at 7:56 AM on March 27, 2023:

    If there are steps to reproduce this, it would be good to write a detection for it at Bitcoin Core init time and refuse to start the program (if this isn't already done).

  6. john-moffett force-pushed on Mar 23, 2023
  7. in src/logging.cpp:355 in 73f4eb511c 
     351 | @@ -352,7 +352,7 @@ std::string BCLog::Logger::LogTimestampStr(const std::string& str)
 352 |          const auto now{SystemClock::now()};
 353 |          const auto now_seconds{std::chrono::time_point_cast<std::chrono::seconds>(now)};
 354 |          strStamped = FormatISO8601DateTime(TicksSinceEpoch<std::chrono::seconds>(now_seconds));
 355 | -        if (m_log_time_micros) {
 356 | +        if (m_log_time_micros && !strStamped.empty()) {
    stickies-v commented at 4:01 PM on March 24, 2023:

    Could wrap this in an Assume() to both make it clear to the reader that it's not supposed to happen and easier to catch any (very unexpected) bugs without crashing non-development builds?

            if (m_log_time_micros && Assume(!strStamped.empty())) {
  8. stickies-v approved
  9. stickies-v commented at 4:02 PM on March 24, 2023: contributor

    ACK 73f4eb511cf80cf52b78627347727ca02774b731

  10. hernanmarino approved
  11. maflcko commented at 8:54 AM on April 5, 2023: member

    lgtm ACK 73f4eb511cf80cf52b78627347727ca02774b731

  12. fanquake merged this on Apr 5, 2023
  13. fanquake closed this on Apr 5, 2023
  14. sidhujag referenced this in commit 8040a5b31b on Apr 5, 2023
  15. bitcoin locked this on Apr 4, 2024
Contributors
john-moffettDrahtBotmaflckojonatackmartinusstickies-vhernanmarino
Labels
Utils/log/libs
Linked (view graph)
#27233 refactor: Replace GetTimeMicros by SystemClock
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 15:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me