mktime panics with index out of bounds when tm_mon is out of range

[nuczyc]

Describe the bug

The mktime function in axlibc triggers a kernel panic (Index Out of Bounds) when provided with a struct tm containing a tm_mon value outside the standard range (0-11).

arceos/ulib/axlibc/src/mktime.rs

Line 50 in bcc354a

day += MONTH_DAYS[leap][month as usize] as i64;

To Reproduce

1. Compile the program and run.

#include <time.h>
#include <stdio.h>
#include <string.h>

int main() {
    struct tm tm_time;
    
    // Initialize tm structure with invalid tm_mon value
    // tm_mon should be 0-11, but we set it to 20 to trigger index out of bounds
    memset(&tm_time, 0, sizeof(tm_time));
    tm_time.tm_year = 120;  // Year 2020
    tm_time.tm_mon = 20;    // Invalid month (should be 0-11)
    tm_time.tm_mday = 15;   // Day of month
    tm_time.tm_hour = 12;   // Hours
    tm_time.tm_min = 30;    // Minutes
    tm_time.tm_sec = 45;    // Seconds
    
    printf("Calling mktime with invalid tm_mon=%d\n", tm_time.tm_mon);
    
    // This call should trigger the index out of bounds panic in ArceOS's mktime implementation
    // The panic occurs at MONTH_DAYS[leap][tm_mon] where tm_mon=20 exceeds the array bounds
    time_t result = mktime(&tm_time);
    
    printf("mktime returned: %ld\n", result);
    return 0;
}

Environment

• ArceOS version: [Introduce max-cpu-num config item, remove all direct usages of axconf… · arceos-org/arceos@bcc354a](bcc354a)

Logs

SeaBIOS (version 1.16.3-debian-1.16.3-2)


iPXE (https://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+06FCAA40+06F0AA40 CA00
                                                                               


Booting from ROM..TSC frequency: 4000 MHz

       d8888                            .d88888b.   .d8888b.
      d88888                           d88P" "Y88b d88P  Y88b
     d88P888                           888     888 Y88b.
    d88P 888 888d888  .d8888b  .d88b.  888     888  "Y888b.
   d88P  888 888P"   d88P"    d8P  Y8b 888     888     "Y88b.
  d88P   888 888     888      88888888 888     888       "888
 d8888888888 888     Y88b.    Y8b.     Y88b. .d88P Y88b  d88P
d88P     888 888      "Y8888P  "Y8888   "Y88888P"   "Y8888P"

arch = x86_64
platform = x86-pc
target = x86_64-unknown-none
build_mode = release
log_level = info
smp = 1

[  0.002916 0 axruntime:136] Logging is enabled.
[  0.003238 0 axruntime:137] Primary CPU 0 started, arg = 0x9500.
[  0.003665 0 axruntime:140] Found physcial memory regions:
[  0.004040 0 axruntime:142]   [PA:0x0, PA:0x100000) reserved (READ | WRITE | RESERVED)
[  0.004482 0 axruntime:142]   [PA:0x100000, PA:0x200000) free memory (READ | WRITE | FREE)
[  0.004940 0 axruntime:142]   [PA:0x200000, PA:0x24c000) .text (READ | EXECUTE | RESERVED)
[  0.005380 0 axruntime:142]   [PA:0x24c000, PA:0x25a000) .rodata (READ | RESERVED)
[  0.005789 0 axruntime:142]   [PA:0x25a000, PA:0x266000) .data .tdata .tbss .percpu (READ | WRITE | RESERVED)
[  0.006360 0 axruntime:142]   [PA:0x266000, PA:0x2a6000) boot stack (READ | WRITE | RESERVED)
[  0.006853 0 axruntime:142]   [PA:0x2a6000, PA:0x2af000) .bss (READ | WRITE | RESERVED)
[  0.007361 0 axruntime:142]   [PA:0x2af000, PA:0x7fdc000) free memory (READ | WRITE | FREE)
[  0.007884 0 axruntime:142]   [PA:0xb0000000, PA:0xc0000000) mmio (READ | WRITE | DEVICE | RESERVED)
[  0.008374 0 axruntime:142]   [PA:0xfe000000, PA:0xfec00000) mmio (READ | WRITE | DEVICE | RESERVED)
[  0.009060 0 axruntime:142]   [PA:0xfec00000, PA:0xfec01000) mmio (READ | WRITE | DEVICE | RESERVED)
[  0.009550 0 axruntime:142]   [PA:0xfed00000, PA:0xfed01000) mmio (READ | WRITE | DEVICE | RESERVED)
[  0.010047 0 axruntime:142]   [PA:0xfee00000, PA:0xfee01000) mmio (READ | WRITE | DEVICE | RESERVED)
[  0.010526 0 axruntime:217] Initialize global memory allocator...
[  0.010868 0 axruntime:218]   use TLSF allocator.
[  0.011212 0 axmm:103] Initialize virtual memory management...
[  0.012593 0 axruntime:157] Initialize platform devices...
[  0.012915 0 axplat_x86_pc::apic:65] Initialize Local APIC...
[  0.013245 0 axplat_x86_pc::apic:80] Using x2APIC.
[  0.013547 0 axplat_x86_pc::apic:95] Initialize IO APIC...
[  0.013886 0 axtask::api:73] Initialize scheduling...
[  0.014271 0 axtask::api:79]   use FIFO scheduler.
[  0.014612 0 axdriver:152] Initialize device drivers...
[  0.014973 0 axdriver:153]   device model: static
[  0.022538 0 virtio_drivers::device::blk:59] config: 0xffff8000fe002000
[  0.023044 0 virtio_drivers::device::blk:64] found a block device of size 65536KB
[  0.023594 0 axdriver::bus::pci:104] registered a new Block device at 00:02.0: "virtio-blk"
[  0.028931 0 virtio_drivers::device::net::dev_raw:30] negotiated_features Features(MAC | STATUS | RING_INDIRECT_DESC | RING_EVENT_IDX)
[  0.030465 0 axdriver::bus::pci:104] registered a new Net device at 00:03.0: "virtio-net"
[  0.148311 0 axfs:41] Initialize filesystems...
[  0.148600 0 axfs:44]   use block device 0: "virtio-blk"
[  0.150686 0 fatfs::dir:145] Is a directory
[  0.153378 0 fatfs::dir:145] Is a directory
[  0.157004 0 fatfs::dir:145] Is a directory
[  0.162072 0 fatfs::dir:145] Is a directory
[  0.164227 0 axnet:42] Initialize network subsystem...
[  0.164541 0 axnet:45]   use NIC 0: "virtio-net"
[  0.166619 0 axnet::smoltcp_impl:333] created net interface "eth0":
[  0.166997 0 axnet::smoltcp_impl:334]   ether:    52-54-00-12-34-56
[  0.167372 0 axnet::smoltcp_impl:335]   ip:       10.0.2.15/24
[  0.167713 0 axnet::smoltcp_impl:336]   gateway:  10.0.2.2
[  0.168047 0 axruntime:183] Initialize interrupt handlers...
[  0.168446 0 axruntime:195] Primary CPU 0 init OK.
Calling mktime with invalid tm_mon=20
[  0.168973 0:2 axruntime::lang_items:5] panicked at ulib/axlibc/src/mktime.rs:50:20:
index out of bounds: the len is 12 but the index is 19
[  0.169639 0:2 axplat_x86_pc::power:25] Shutting down...