Formatting timestamp with %#z panics

[domodwyer]

When attempting to format a timestamp with a strftime format string containing %#z it panics:

chrono/src/format/mod.rs

Line 673 in 088b693

panic!("Do not try to write %#z it is undefined")

This specifier is documented as being "parsing only" here, but we accept format strings from users (limited/validated) who may put %#z in the formatting sequence.

All other invalid cases (that I can see!) result in Err(std::fmt::Error) being returned:

chrono/src/format/mod.rs

Line 571 in 088b693

return Err(fmt::Error); // insufficient arguments for given format

This has the benefit of allowing the caller to handle the error when the timestamp formatter is invalid (as long as you're not using the infallible to_string()). This is one way we validate a user-provided strftime formatter - try and use it, catching any errors - but obviously this doesn't work for %#z because it immediately panics! Thsi was unexpected - we only discovered it through fuzz testing.

Is there a reason %#z panics over returning an error? I'd be happy to PR the change to return the error & test.

[djc]

Yeah, happy to review a PR for this!

[pitdicker]

@domodwyer It just so happens that we are looking at this code the last couple of days. In #1127 we try to come up with a way to not panic but find a good place to report en errors.

[pitdicker]

If it spares some work, the last commit here has the change and a test: #1121