From: Florian Obser <florian@openbsd.org>
Subject: Re: httpd check localtime_r
To: tech@openbsd.org
Date: Mon, 24 Jun 2024 20:52:24 +0200

I was considering making it print 19-Jan-2038 or something like that but
that's effort, I think skipping is fine.

OK florian if someone wants to commit this.

Btw. I did check the other calls to this family of functions and they
seem to be correct in httpd.

On 2024-06-24 12:55 -04, Henry Ford <henryfordkjv@gmail.com> wrote:
> httpd uses localtime_r(3) on the modification time of a file.
> It is possible that this modification time could be unrepresentable
> by a struct tm, in which case localtime_r will fail, leaving tm
> uninitialized.
> This diff checks for that condition and errors out appropriately.
>
> diff /usr/src
> commit - a96be6992871e57ed676b51a9a1512da3ab5f68c
> path + /usr/src
> blob - cdcc11cd800eb4a5b4c896f4912752a5ee87387e
> file + usr.sbin/httpd/server_file.c
> --- usr.sbin/httpd/server_file.c
> +++ usr.sbin/httpd/server_file.c
> @@ -558,7 +558,11 @@ server_file_index(struct httpd *env, struct client *cl
>  		}
>  
>  		t = subst.st_mtime;
> -		localtime_r(&t, &tm);
> +		if (localtime_r(&t, &tm) == NULL) {
> +			skip = 1;
> +			free(dp);
> +			continue;
> +		}
>  		strftime(tmstr, sizeof(tmstr), "%d-%h-%Y %R", &tm);
>  
>  		if ((escapeduri = url_encode(dp->d_name)) == NULL) {
>
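Review bot: the strftime(3) call on the line right after the new check still ignores its return value; when the formatted date does not fit in tmstr, strftime returns 0 and the buffer contents are unspecified, so it is worth taking the same skip path there or setting tmstr[0] = '\0'. The new branch also drops the entry without any trace, so a one-line comment saying that an st_mtime which cannot be converted is skipped on purpose, rather than shown with a placeholder date, would help the next reader of this loop.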

-- 
In my defence, I have been left unsupervised.
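
The failure mode discussed in this thread, as an added example that is not part of the original message or of httpd's source: a small wrapper that refuses to format a modification time when localtime_r(3) cannot represent it. The helper name format_mtime, the buffer size and the sample values are assumptions made for illustration; the far-future sample assumes a 64-bit time_t.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <time.h>

/*
 * format_mtime() is a hypothetical helper, not an httpd function.
 * Returns 0 with buf filled, or -1 with buf set to "" when t cannot be
 * converted or the text does not fit, so the caller can skip the entry.
 */
int
format_mtime(time_t t, char *buf, size_t len)
{
	struct tm tm;

	if (len == 0)
		return (-1);
	buf[0] = '\0';
	/* localtime_r(3) returns NULL when t is unrepresentable in struct tm. */
	if (localtime_r(&t, &tm) == NULL)
		return (-1);
	/* strftime(3) returns 0 when the result does not fit in buf. */
	if (strftime(buf, len, "%d-%h-%Y %R", &tm) == 0) {
		buf[0] = '\0';
		return (-1);
	}
	return (0);
}

int
main(void)
{
	/* Constructed mtimes: an ordinary one and the largest 64-bit value. */
	time_t samples[2] = { (time_t)1719255144, (time_t)LLONG_MAX };
	char tmstr[32];
	size_t i;

	for (i = 0; i < 2; i++) {
		if (format_mtime(samples[i], tmstr, sizeof(tmstr)) == -1)
			printf("mtime %lld: skipped\n", (long long)samples[i]);
		else
			printf("mtime %lld: %s\n", (long long)samples[i], tmstr);
	}
	return (0);
}
```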