Overflow
Without a doubt, one of the most significant threats to the correct and secure operation of software systems is overflow. In software terms, overflow is the condition that arises when a program attempts to store a value that is larger than the data structure was designed to hold. When unanticipated overflow happens, the results are unpredictable, and this unpredictable behavior can manifest itself as anything from cosmetic errors to gaping security holes that allow foreign code execution.
32-bit Integer Time Values
Historically, many operating systems, and by extension applications and file systems, have chosen to represent time values as an integer number of time units offset from a reference date or epoch. Among the more common of these are UNIX-derived operating systems, which represent time values internally as a signed 32-bit integer defined as the number of seconds since Jan 1 1970 00:00:00 UTC, hereafter referred to as UNIX time.
A 32-bit integer is able to represent 4294967296 values, which when defined as seconds gives a range of about 136 years. UNIX time, being a signed value, can therefore represent dates and times from about 68 years before Jan 1 1970 until about 68 years after Jan 1 1970. The exact range is from Dec 13 1901 20:45:52 UTC until Jan 19 2038 03:14:07 UTC.
Most applications that deal with time values are written naively, expecting time values to be monotonically increasing "forever". They are not prepared for the overflow that will occur when the time value is incremented by one second at the end of the representable range, which in the case of integer arithmetic will result in the value wrapping around such that it thereafter represents the beginning of the time range. The literature that is beginning to appear on this phenomenon typically refers to it as the "Year 2038 Problem", the "Y2.038K (or Y2K38) Problem" or the "UNIX Millennium Bug". On this site it is referred to by the more generic name "Time32 Problem".
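The wraparound described above, as an added example that is not part of the original page: it increments a signed 32-bit UNIX time past the end of its range, shows the resulting calendar date, and contrasts it with an addition that detects the overflow. The function names are hypothetical, and the wrap is modelled in 64-bit arithmetic because signed overflow is undefined behaviour in C.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper: value a signed 32-bit seconds counter holds after
 * adding delta. Signed overflow is undefined behaviour in C, so the sum is
 * formed in 64 bits and reduced modulo 2^32 by hand. */
int32_t time32_wrapping_add(int32_t t, int32_t delta)
{
    int64_t wide = (int64_t)t + delta;
    if (wide > INT32_MAX) wide -= 4294967296LL;
    if (wide < INT32_MIN) wide += 4294967296LL;
    return (int32_t)wide;
}

/* Hypothetical helper: same addition, but refuses to wrap.
 * Returns 0 and stores the sum, or -1 if it does not fit in 32 bits. */
int time32_checked_add(int32_t t, int32_t delta, int32_t *out)
{
    int64_t wide = (int64_t)t + delta;
    if (wide > INT32_MAX || wide < INT32_MIN) return -1;
    *out = (int32_t)wide;
    return 0;
}

/* Format a 32-bit UNIX time as a UTC calendar date; NULL on failure. */
const char *time32_to_utc(int32_t t, char *buf, size_t len)
{
    time_t wide = (time_t)t;            /* widen before conversion */
    struct tm *utc = gmtime(&wide);
    if (utc == NULL || strftime(buf, len, "%Y-%m-%d %H:%M:%S", utc) == 0)
        return NULL;
    return buf;
}

int main(void)
{
    char a[32], b[32];
    int32_t last = INT32_MAX, next, wrapped = time32_wrapping_add(last, 1);
    printf("last second : %s UTC\n", time32_to_utc(last, a, sizeof a));
    printf("one later   : %s UTC\n", time32_to_utc(wrapped, b, sizeof b));
    if (time32_checked_add(last, 1, &next) != 0)
        puts("checked add : overflow detected, value rejected");
    return 0;
}
```

Code that compares or subtracts timestamps across the wrap sees time jump backwards by about 136 years, which is why expiry checks, timeouts and log ordering are the first things to audit.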
Scope
The number of systems affected by the Time32 Problem is at least comparable to the number of systems affected by the Year 2000 Problem, and may in fact be orders of magnitude higher. Solutions cannot always be implemented centrally in the operating system or shared libraries, but will require re-compilation of applications and conversion of file systems. Fixing the problem will require a huge effort, and even though there are still many years until the deadline, it is not too early to start planning the solutions. Time is running out!