Date: 2010-01-07 23:45:00
y2010 bugs found via google code search

Last week the news started coming about regarding various computing system failures caused by the rollover to the year 2010. I wondered how easy it would be to identify such bugs in open source software, using Google Code Search. What kind of bug would be would be easy to identify? A common error in the last century was to use a C printf format string "19%d", which would roll over from 1999 to 19100 at the turn of the century.

What if people used "200%d" as a format string? That would roll over from 2009 to 20010 in the year 2010. But surely nobody would actually do that, right? Wrong. Some of those hits are false hits and not relevant to dates, but I found about 10 open source projects with such date-related format strings. Some of them are:

I've sent suggested patches to fix the bug(s) to each project that I could find.

I'm pretty sure this technique of using Google Code Search has been used to locate unsafe coding practices related to software security vulnerabilities, but I wonder whether anybody has successfully applied it to other types of software bugs.

[info]edm : Searching for Y2010 bugs
The other obvious one to search for, which caught SpamAssassin out, is a regex that catches 200x explicitly, viz:

Google Search: "200[0-9]"

It finds depressingly many problems (229 as the headline number), with both subversion and ntp being mentioned in the first page (albeit for minor things; the subversion one is a script to test if the copyright dates are correct).

If you wanted to write this up, I'm pretty sure you could get it published in LWN (at least while it's a topical issue).

[info]ghewgill : Re: Searching for Y2010 bugs
That is truly astounding.

I don't know whether I'm up for writing this up, I found myself getting annoyed after looking at just the first few results of the "200%d" search. I just can't fathom how people would mess this up. Is it programmers who started coding after 2000 and therefore have never had to deal with any year in any other decade? The mind boggles.
[info]pne : /200[0-9]/
That is truly astounding.

Not to mention depressing.
Greg Hewgill <>