ponylang/ponyc

Possible infinite loop in ponyint_formattime

SeanTAllen opened this issue · 0 comments

This is an unlikely bug.

ponyint_formattime uses strftime to format a date. We don't know how big of a string we will need, so we allocate 64 bytes and try. If we succeed, we are done. If we get back 0 then we assume that we failed because the string wasn't big enough, allocate a bigger one and try again.

In some locales %p and %P produce no output, so if they were the only part of a format string, a return value of 0 would be correct rather than a failure. We have code at the start of ponyint_formattime to detect this case:

```c
// Bail out on strftime formats that can produce a zero-length string.
if((fmt[0] == '\0') || !strcmp(fmt, "%p") || !strcmp(fmt, "%P"))
{
  buffer = (char*)pony_alloc(ctx, 1);
  buffer[0] = '\0';
  return buffer;
}
```

However, that check is incomplete. It assumes that no one would write something like "%p%P" or "%p%p%p%p", which also produce empty output in those locales and so make strftime return 0 on every retry.

We need to update our checks so that if the format string starts with %p or %P and contains only those format directives, we return an empty string and do not proceed to calling strftime.
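An added example, not ponyc's code, sketching the complete emptiness check the issue proposes together with a bounded version of the grow-and-retry loop; fmt_only_ampm, format_time_safe and sample_tm are hypothetical names, and malloc stands in for pony_alloc:

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

// Hypothetical helper, not ponyc's code: true when fmt is empty or consists
// solely of %p / %P directives, the only formats the issue identifies as able
// to yield a zero-length result in some locales.
bool fmt_only_ampm(const char* fmt)
{
  for(const char* p = fmt; *p != '\0'; p += 2)
  {
    // Check p[1] before advancing so a trailing lone '%' cannot overrun.
    if(p[0] != '%' || (p[1] != 'p' && p[1] != 'P'))
      return false;
  }
  return true;
}

// Same grow-and-retry shape as ponyint_formattime, with malloc instead of
// pony_alloc and two guards: the complete emptiness check above and a hard
// cap, so a zero return can never spin the loop forever. Caller frees result.
char* format_time_safe(const char* fmt, const struct tm* t, size_t max_size)
{
  if(fmt_only_ampm(fmt))
  {
    char* empty = (char*)malloc(1);
    if(empty) empty[0] = '\0';
    return empty;
  }
  for(size_t size = 64; size <= max_size; size *= 2)
  {
    char* buf = (char*)malloc(size);
    if(buf == NULL)
      return NULL;
    if(strftime(buf, size, fmt, t) > 0)
      return buf;  // Non-zero length: the buffer was big enough.
    free(buf);     // Zero: assume too small and retry with double the size.
  }
  return NULL;  // Give up instead of looping without bound.
}

// Constructed sample time (2024-01-02 15:04:05, a Tuesday) for offline use.
struct tm sample_tm(void)
{
  struct tm t = {0};
  t.tm_year = 124; t.tm_mon = 0; t.tm_mday = 2; t.tm_wday = 2;
  t.tm_hour = 15; t.tm_min = 4; t.tm_sec = 5;
  return t;
}
```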