Year 2038 problem


The year 2038 problem is a time computing problem that leaves some computer systems unable to represent times after 03:14:07 UTC on 19 January 2038.
The problem exists in systems which measure Unix time—the number of seconds elapsed since the Unix epoch —and store it in a signed 32-bit integer. The data type is only capable of representing integers between − and 2 − 1, meaning the latest time that can be properly encoded is 2 − 1 seconds after epoch. Attempting to increment to the following second will cause the integer to overflow, setting its value to − which systems will interpret as 2 seconds before epoch. Systems using unsigned 32-bit integers will overflow in 2106. The problem resembles the year 2000 problem but arises from limitations in base-2 time representation, rather than base-10.
Computer systems that use time for critical computations may encounter fatal errors if the year 2038 problem is not addressed. Some applications that use future dates have already encountered the bug. The most vulnerable systems are those which are infrequently or never updated, such as legacy and embedded systems. Modern systems and software updates to legacy systems address this problem by using signed 64-bit integers instead of 32-bit integers, which will take 292 billion years to overflow—approximately 21 times the estimated age of the universe.

Cause

Many computer systems measure time and date using Unix time, an international standard for digital timekeeping. Unix time is defined as the number of seconds elapsed, ignoring leap seconds, since 00:00:00 UTC on 1 January 1970, known as the Unix epoch.
Unix time has historically been encoded as a signed 32-bit integer, a data type composed of 32 binary digits which represent an integer value, with 'signed' meaning that the number can represent both positive and negative numbers, as well as zero; and is usually stored in two's complement format. Thus, a signed 32-bit integer can only represent integer values from − to 2 − 1 inclusive. Consequently, if a signed 32-bit integer is used to store Unix time, the latest time that can be stored is 2 − 1 seconds after epoch, which is. Systems that attempt to increment this value by one more second to 2 seconds after epoch will suffer integer overflow, inadvertently flipping the sign bit to indicate a negative number. This changes the integer value to −, or 2 seconds before epoch rather than after, which systems will interpret as. From here, systems will continue to count up, toward zero, and then up through the positive integers again. As many computer systems use time computations to run critical functions, the bug may introduce serious problems.

Vulnerable systems

Any system using data structures with signed 32-bit time representations has an inherent risk of failing. A full list of these data structures is virtually impossible to derive, but there are well-known data structures that have the Unix time problem:
  • File systems that use 32 bits to represent times in inodes, such as ext2, ext3, and reiserFS.
  • Databases with 32-bit time fields.
  • Database query languages that have UNIX_TIMESTAMP-like commands.
  • Many 32-bit Android devices on Android 4 or earlier, including ZTE Blade, Google Nexus 7 and 2012 Toshiba Android tablets.
  • OS X-era PowerPC Macs will have their system clock get stuck on the rollover time as of Mac OS X Tiger.
  • 32-bit iOS devices as of iPhone 5 on circa iOS 9 will be unable to unlock or to consistently enter charging mode, and the lockscreen clock will not show up.
  • As of circa Windows 10 version 22H2, if an x86 device has not been turned on at the rollover point, but is started up after the rollover, the system clock skips ahead to April 12, 2160, and the date options in Windows 10's main settings menu does not show any selectable numbers.
  • Software built with Visual Studio has the _gmtime32 format roll over at 19 January 2038 00:00:00. Software built with pre-2005 versions of Visual Studio were known to have _gmtime correspond to _gmtime32, and the correspondence can be forced when building with 32-bit versions of Visual Studio through Visual Studio 2019 by specifying _USE_32BIT_TIME_T.

    Embedded systems

s that use dates for either computation or diagnostic logging are most likely to be affected by the Y2038 problem. Despite the modern 18–24 month generational update in computer systems technology, embedded systems are designed to last the lifetime of the machine in which they are a component. It is conceivable that some of these systems may still be in use in 2038. It may be difficult or, in some cases, impossible to upgrade the software running these systems, ultimately requiring replacement if the 32-bit limitations are to be corrected.
Many transportation systems, from flight to automobiles, use embedded systems extensively. In automotive systems, this may include anti-lock braking system, electronic stability control, traction control, and automatic four-wheel drive; aircraft may use inertial guidance systems and GPS receivers.
Another major use of embedded systems is in communications devices, including cell phones and Internet-enabled appliances which rely on storing an accurate time and date and are increasingly based on Unix-like operating systems.
However, this does not imply that all embedded systems will suffer from the Y2038 problem, since many such systems do not require access to dates. For those that do, those systems which only track the difference between times/dates and not absolute times/dates will, by the nature of the calculation, not experience a major problem. This is the case for automotive diagnostics based on legislated standards such as CARB.

Early problems

In May 2006, reports surfaced of an early manifestation of the Y2038 problem in the AOLserver software. The software was designed with a kludge to handle a database request that should "never" time out. Rather than specifically handling this special case, the initial design simply specified an arbitrary time-out date in the future with a default configuration specifying that requests should time out after a maximum of one billion seconds. However, one billion seconds before the 2038 cutoff date is 01:27:28 UTC on 13 May 2006, so requests sent after this time would result in a time-out date which is beyond the cutoff. This made time-out calculations overflow and return dates that were actually in the past, causing software to crash. When the problem was discovered, AOLServer operators had to edit the configuration file and set the time-out to a lower value.
Many types of self-signed CA certificates generated on 32-bit systems can have very long expiration dates that go beyond the rollover point, which will make them not work correctly, affecting HTTPS verifications on services and sites that use them.
The MS Filtering Engine Update anti-malware functions of Microsoft Exchange Server installations broke on January 1, 2022 after an update. The functions mapped the processed UpdateVersion numbers to the Unix time stamp numbers despite their times being very different, so when the engine received the 220101001 update, which it took to mean 2201010001 with an extra zero near the end, it tried mapping it to the 32-bit Unix time's number and failed due to being higher than 2147483647. Affected Exchange servers failed to work unless they turned off the anti-malware functions, and an automated fix was published on January 5, 2022.
In Oracle Access Management version 10.1.4.3 for Windows, the Identity Console component sets a cookie containing UI preferences with an expiry of 500,000,000 seconds in the future. This is beyond 19 January 2038 and so it throws an exception for certain search activities after 02:20:48 UTC on 17 March 2022 because the gmtime_r call cannot convert the number provided to a date to write to the cookie.

Solutions

There is no universal solution for the Year 2038 problem. For example, in the C language, any change to the definition of the time_t data type would result in code-compatibility problems in any application in which date and time representations are dependent on the nature of the signed 32-bit time_t integer. Changing time_t to an unsigned 32-bit integer, which would extend the range to 2106, would adversely affect programs that store, retrieve, or manipulate dates prior to 1970, as such dates are represented by negative numbers. Increasing the size of the time_t type to 64 bits in an existing system would cause incompatible changes to the layout of structures and the binary interface of functions.
Most operating systems designed to run on 64-bit hardware already use signed 64-bit time_t integers. Using a signed 64-bit value introduces a new wraparound date that is over twenty times greater than the estimated age of the universe: approximately 292 billion years from now. The ability to make computations on dates is limited by the fact that tm_year uses a signed 32-bit integer value starting at 1900 for the year. This limits the year to a maximum of 2,147,485,547.
Alternative proposals have been made, such as storing either milliseconds or microseconds since an epoch in a signed 64-bit integer, providing a minimum range of 292,000 years at microsecond resolution. In particular, Java's and JavaScript's use of 64-bit signed integers to represent absolute timestamps as "milliseconds since 1 January 1970" will work correctly for the next. Other proposals for new time representations provide different precisions, ranges, and sizes, as well as solving other related problems, such as the handling of leap seconds. In particular, TAI64 is an implementation of the International Atomic Time standard, the current international real-time standard for defining a second and frame of reference.