CERT.MSC.ASCTIME

Do not pass invalid data to the asctime() function.

This checker highlights calls to asctime() for review of potential invalid data.

Vulnerability and risk

On implementations that do not detect output-string-length overflow, it is possible to overflow the output buffers.

External guidance

• CERT MSC33-C: Do not pass invalid data to the asctime() function