eloop: Extend overflow check in eloop_register_timeout() to cover usec

Processing of usec could result in an additional +1 increment to sec and that might overflow. Extend the previously used overflow check to cover this special case as well. Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com>
2021-09-13 17:14:15 +08:00 · 2021-09-13 17:14:15 +08:00 · 0ae677c7b4
commit 0ae677c7b4
parent a29c2399a7
1 changed files with 15 additions and 10 deletions
--- a/src/utils/eloop.c
+++ b/src/utils/eloop.c
@ -785,21 +785,15 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
 	}
 	now_sec = timeout->time.sec;
 	timeout->time.sec += secs;
-	if (timeout->time.sec < now_sec) {
-		/*
-		 * Integer overflow - assume long enough timeout to be assumed
-		 * to be infinite, i.e., the timeout would never happen.
-		 */
-		wpa_printf(MSG_DEBUG, "ELOOP: Too long timeout (secs=%u) to "
-			   "ever happen - ignore it", secs);
-		os_free(timeout);
-		return 0;
-	}
+	if (timeout->time.sec < now_sec)
+		goto overflow;
 	timeout->time.usec += usecs;
 	while (timeout->time.usec >= 1000000) {
 		timeout->time.sec++;
 		timeout->time.usec -= 1000000;
 	}
+	if (timeout->time.sec < now_sec)
+		goto overflow;
 	timeout->eloop_data = eloop_data;
 	timeout->user_data = user_data;
 	timeout->handler = handler;
@ -817,6 +811,17 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
 	dl_list_add_tail(&eloop.timeout, &timeout->list);

 	return 0;
+
+overflow:
+	/*
+	 * Integer overflow - assume long enough timeout to be assumed
+	 * to be infinite, i.e., the timeout would never happen.
+	 */
+	wpa_printf(MSG_DEBUG,
+		   "ELOOP: Too long timeout (secs=%u usecs=%u) to ever happen - ignore it",
+		   secs,usecs);
+	os_free(timeout);
+	return 0;
 }