From 0ae677c7b434fe8a5f1890d940a60b9f61f63594 Mon Sep 17 00:00:00 2001 From: xinpeng wang Date: Mon, 13 Sep 2021 17:14:15 +0800 Subject: [PATCH] eloop: Extend overflow check in eloop_register_timeout() to cover usec Processing of usec could result in an additional +1 increment to sec and that might overflow. Extend the previously used overflow check to cover this special case as well. Signed-off-by: xinpeng wang --- src/utils/eloop.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/src/utils/eloop.c b/src/utils/eloop.c index b353ab0e4..00b0beff0 100644 --- a/src/utils/eloop.c +++ b/src/utils/eloop.c @@ -785,21 +785,15 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs, } now_sec = timeout->time.sec; timeout->time.sec += secs; - if (timeout->time.sec < now_sec) { - /* - * Integer overflow - assume long enough timeout to be assumed - * to be infinite, i.e., the timeout would never happen. - */ - wpa_printf(MSG_DEBUG, "ELOOP: Too long timeout (secs=%u) to " - "ever happen - ignore it", secs); - os_free(timeout); - return 0; - } + if (timeout->time.sec < now_sec) + goto overflow; timeout->time.usec += usecs; while (timeout->time.usec >= 1000000) { timeout->time.sec++; timeout->time.usec -= 1000000; } + if (timeout->time.sec < now_sec) + goto overflow; timeout->eloop_data = eloop_data; timeout->user_data = user_data; timeout->handler = handler; @@ -817,6 +811,17 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs, dl_list_add_tail(&eloop.timeout, &timeout->list); return 0; + +overflow: + /* + * Integer overflow - assume long enough timeout to be assumed + * to be infinite, i.e., the timeout would never happen. + */ + wpa_printf(MSG_DEBUG, + "ELOOP: Too long timeout (secs=%u usecs=%u) to ever happen - ignore it", + secs,usecs); + os_free(timeout); + return 0; }