date: extract try_alloc_padded helper and add large-width test

sylvestre · sylvestre · commit 9c1cbca4237d · 2026-04-04T13:25:01.000+02:00
Co-authored-by: Sylvestre Ledru &lt;sylvestre@debian.org&gt;
diff --git a/src/uu/date/src/format_modifiers.rs b/src/uu/date/src/format_modifiers.rs
@@ -395,38 +395,14 @@ fn apply_modifiers(
             // Zero padding: sign first, then zeros (e.g., "-0022")
             let sign = result.chars().next().unwrap();
             let rest = &result[1..];
-            let target_len = result.len().checked_add(padding).ok_or_else(|| {
-                FormatError::FieldWidthTooLarge {
-                    width: effective_width,
-                    specifier: specifier.to_string(),
-                }
-            })?;
-            let mut padded = String::new();
-            padded
-                .try_reserve(target_len)
-                .map_err(|_| FormatError::FieldWidthTooLarge {
-                    width: effective_width,
-                    specifier: specifier.to_string(),
-                })?;
+            let mut padded = try_alloc_padded(result.len(), padding, effective_width, specifier)?;
             padded.push(sign);
             padded.extend(std::iter::repeat_n('0', padding));
             padded.push_str(rest);
             result = padded;
         } else {
             // Default: pad on the left (e.g., "  -22" or "  1999")
-            let target_len = result.len().checked_add(padding).ok_or_else(|| {
-                FormatError::FieldWidthTooLarge {
-                    width: effective_width,
-                    specifier: specifier.to_string(),
-                }
-            })?;
-            let mut padded = String::new();
-            padded
-                .try_reserve(target_len)
-                .map_err(|_| FormatError::FieldWidthTooLarge {
-                    width: effective_width,
-                    specifier: specifier.to_string(),
-                })?;
+            let mut padded = try_alloc_padded(result.len(), padding, effective_width, specifier)?;
             padded.extend(std::iter::repeat_n(pad_char, padding));
             padded.push_str(&result);
             result = padded;
@@ -436,6 +412,30 @@ fn apply_modifiers(
     Ok(result)
 }
 
+/// Allocate a `String` with enough capacity for `current_len + padding`,
+/// returning `FieldWidthTooLarge` on arithmetic overflow or allocation failure.
+fn try_alloc_padded(
+    current_len: usize,
+    padding: usize,
+    width: usize,
+    specifier: &str,
+) -> Result<String, FormatError> {
+    let target_len =
+        current_len
+            .checked_add(padding)
+            .ok_or_else(|| FormatError::FieldWidthTooLarge {
+                width,
+                specifier: specifier.to_string(),
+            })?;
+    let mut s = String::new();
+    s.try_reserve(target_len)
+        .map_err(|_| FormatError::FieldWidthTooLarge {
+            width,
+            specifier: specifier.to_string(),
+        })?;
+    Ok(s)
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
diff --git a/tests/by-util/test_date.rs b/tests/by-util/test_date.rs
@@ -2432,6 +2432,39 @@ fn test_date_format_modifier_huge_width_fails_without_abort() {
     new_ucmd!().arg(&format).fails().code_is(1);
 }
 
+#[test]
+fn test_date_format_large_width_no_oom() {
+    // Regression: very large width like %8888888888r caused OOM.
+    // GNU caps width to i32::MAX; verify we don't crash.
+    // Use a moderate width with a fixed date to check the code path works.
+    new_ucmd!()
+        .arg("-d")
+        .arg("2024-01-01")
+        .arg("+%300S")
+        .succeeds()
+        .stdout_is(format!("{}\n", format_args!("{:0>300}", "00")));
+
+    // Test with a larger width to exercise the code path without producing
+    // gigabytes of output (the original %8888888888r would produce ~2GB).
+    new_ucmd!()
+        .arg("-d")
+        .arg("2024-01-01")
+        .arg("+%10000S")
+        .succeeds()
+        .stdout_is(format!("{}\n", format_args!("{:0>10000}", "00")));
+
+    // Mixed literal text with multiple width-modified specifiers.
+    // 2024-01-01 is Monday (day-of-week 1).
+    // %2u → "01", literal "ueuu", %6666u → "1" zero-padded to 6666, literal "-r".
+    let expected = format!("01ueuu{}-r\n", format_args!("{:0>6666}", "1"));
+    new_ucmd!()
+        .arg("-d")
+        .arg("2024-01-01")
+        .arg("+%2uueuu%6666u-r")
+        .succeeds()
+        .stdout_is(expected);
+}
+
 // Tests for format modifier edge cases (flags without explicit width)
 #[test]
 fn test_date_format_modifier_edge_cases() {
