uloop: avoid integer overflow in tv_diff

The tv_diff function can potentially overflow as soon as t2->tv_sec is
larger than 2147483. This is very easily hit in ujail, after only
2147484 seconds of uptime, or 24.85 days.

Improve the behaviour by changing the return type to int64_t.

Fixes: FS#3943
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This commit is contained in:
Stijn Tintel 2021-11-04 01:17:39 +02:00
parent d716ac4bc4
commit be3dc7223a
2 changed files with 4 additions and 4 deletions

View file

@ -249,7 +249,7 @@ int uloop_fd_delete(struct uloop_fd *fd)
return __uloop_fd_delete(fd); return __uloop_fd_delete(fd);
} }
static int tv_diff(struct timeval *t1, struct timeval *t2) static int64_t tv_diff(struct timeval *t1, struct timeval *t2)
{ {
return return
(t1->tv_sec - t2->tv_sec) * 1000 + (t1->tv_sec - t2->tv_sec) * 1000 +
@ -317,7 +317,7 @@ int uloop_timeout_cancel(struct uloop_timeout *timeout)
return 0; return 0;
} }
int uloop_timeout_remaining(struct uloop_timeout *timeout) int64_t uloop_timeout_remaining(struct uloop_timeout *timeout)
{ {
struct timeval now; struct timeval now;
@ -477,7 +477,7 @@ static void uloop_setup_signals(bool add)
static int uloop_get_next_timeout(struct timeval *tv) static int uloop_get_next_timeout(struct timeval *tv)
{ {
struct uloop_timeout *timeout; struct uloop_timeout *timeout;
int diff; int64_t diff;
if (list_empty(&timeouts)) if (list_empty(&timeouts))
return -1; return -1;

View file

@ -92,7 +92,7 @@ int uloop_fd_delete(struct uloop_fd *sock);
int uloop_timeout_add(struct uloop_timeout *timeout); int uloop_timeout_add(struct uloop_timeout *timeout);
int uloop_timeout_set(struct uloop_timeout *timeout, int msecs); int uloop_timeout_set(struct uloop_timeout *timeout, int msecs);
int uloop_timeout_cancel(struct uloop_timeout *timeout); int uloop_timeout_cancel(struct uloop_timeout *timeout);
int uloop_timeout_remaining(struct uloop_timeout *timeout); int64_t uloop_timeout_remaining(struct uloop_timeout *timeout);
int uloop_process_add(struct uloop_process *p); int uloop_process_add(struct uloop_process *p);
int uloop_process_delete(struct uloop_process *p); int uloop_process_delete(struct uloop_process *p);