commit 2e51608a8b7d883f5e187ccc83ed871e248442c2 Author: teor (Tim Wilson-Brown) teor2345@gmail.com Date: Wed Jun 29 12:53:50 2016 +1000
Fix an integer overflow bug in the tv_mdiff range check
The temporary second used for rounding can cause overflow, depending on the order the compiler performs the operations.
---
 src/common/util.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/common/util.c b/src/common/util.c
index 4b6df81..44994fb 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1394,6 +1394,7 @@ tv_udiff(const struct timeval *start, const struct timeval *end)
 long udiff;
 long secdiff = end->tv_sec - start->tv_sec;

+ /* end->tv_usec - start->tv_usec can be up to 1 second */
 if (labs(secdiff)+1 > LONG_MAX/1000000) {
 log_warn(LD_GENERAL, "comparing times on microsecond detail too far "
 "apart: %ld seconds", secdiff);
@@ -1412,7 +1413,9 @@ tv_mdiff(const struct timeval *start, const struct timeval *end)
 long mdiff;
 long secdiff = end->tv_sec - start->tv_sec;

- if (labs(secdiff)+1 > LONG_MAX/1000) {
+ /* end->tv_usec - start->tv_usec can be up to 1 second,
+ * but the mdiff calculation adds another temporary second */
+ if (labs(secdiff)+2 > LONG_MAX/1000) {
 log_warn(LD_GENERAL, "comparing times on millisecond detail too far "
 "apart: %ld seconds", secdiff);
 return LONG_MAX;
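Review bot: The widened guard `labs(secdiff)+2 > LONG_MAX/1000` in tv_mdiff can itself overflow, since for a secdiff of LONG_MAX or LONG_MAX-1 the `+2` is signed overflow and `labs(LONG_MIN)` is undefined, so the check is unreliable for exactly the extreme inputs it is meant to reject. Keeping the constant on the right-hand side avoids that: `if (secdiff == LONG_MIN || labs(secdiff) > LONG_MAX/1000 - 2) {`. The tv_udiff hunk above has the same shape in its unchanged `labs(secdiff)+1 > LONG_MAX/1000000` line and would want the matching change. Separately, `end->tv_sec - start->tv_sec` is evaluated and stored in a `long` before any check, so where time_t is wider than long the guard may see a truncated difference; whether that matters depends on the supported platforms, which the page does not show. tv_mdiff's body continues past the end of this hunk.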