From be3dc7223a6d75587e26f8b8d6d56920841e44b6 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Thu, 4 Nov 2021 01:17:39 +0200 Subject: [PATCH] uloop: avoid integer overflow in tv_diff The tv_diff function can potentially overflow as soon as t2->tv_sec is larger than 2147483. This is very easily hit in ujail, after only 2147484 seconds of uptime, or 24.85 days. Improve the behaviour by changing the return type to int64_t. Fixes: FS#3943 Signed-off-by: Stijn Tintel --- uloop.c | 6 +++--- uloop.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/uloop.c b/uloop.c index 8517366..2972727 100644 --- a/uloop.c +++ b/uloop.c @@ -249,7 +249,7 @@ int uloop_fd_delete(struct uloop_fd *fd) return __uloop_fd_delete(fd); } -static int tv_diff(struct timeval *t1, struct timeval *t2) +static int64_t tv_diff(struct timeval *t1, struct timeval *t2) { return (t1->tv_sec - t2->tv_sec) * 1000 + @@ -317,7 +317,7 @@ int uloop_timeout_cancel(struct uloop_timeout *timeout) return 0; } -int uloop_timeout_remaining(struct uloop_timeout *timeout) +int64_t uloop_timeout_remaining(struct uloop_timeout *timeout) { struct timeval now; @@ -477,7 +477,7 @@ static void uloop_setup_signals(bool add) static int uloop_get_next_timeout(struct timeval *tv) { struct uloop_timeout *timeout; - int diff; + int64_t diff; if (list_empty(&timeouts)) return -1; diff --git a/uloop.h b/uloop.h index 36084f5..ab6149f 100644 --- a/uloop.h +++ b/uloop.h @@ -92,7 +92,7 @@ int uloop_fd_delete(struct uloop_fd *sock); int uloop_timeout_add(struct uloop_timeout *timeout); int uloop_timeout_set(struct uloop_timeout *timeout, int msecs); int uloop_timeout_cancel(struct uloop_timeout *timeout); -int uloop_timeout_remaining(struct uloop_timeout *timeout); +int64_t uloop_timeout_remaining(struct uloop_timeout *timeout); int uloop_process_add(struct uloop_process *p); int uloop_process_delete(struct uloop_process *p);