Last week the news started coming about regarding various computing system failures caused by the rollover to the year 2010. I wondered how easy it would be to identify such bugs in open source software, using Google Code Search. What kind of bug would be would be easy to identify? A common error in the last century was to use a C printf format string "19%d", which would roll over from 1999 to 19100 at the turn of the century.
What if people used "200%d" as a format string? That would roll over from 2009 to 20010 in the year 2010. But surely nobody would actually do that, right? Wrong. Some of those hits are false hits and not relevant to dates, but I found about 10 open source projects with such date-related format strings. Some of them are:
I've sent suggested patches to fix the bug(s) to each project that I could find.
I'm pretty sure this technique of using Google Code Search has been used to locate unsafe coding practices related to software security vulnerabilities, but I wonder whether anybody has successfully applied it to other types of software bugs.