authorLennart Poettering <lennart@poettering.net>2022-08-24 10:41:23 +0200
committerLuca Boccassi <luca.boccassi@gmail.com>2022-08-24 21:41:40 +0100
commit782c6e5c9050ba2de141906732e0a7e14b0c1550 (patch)
tree4e2f2d05c3e87a4b66262e85d55e3c3c7a0ed1f5 /src/basic
parent2306b4656a822e83c2a2563131be8d676c8bfb71 (diff)
time-util: fix overflow condition in usec_sub_signed()
If the delta specified is INT64_MIN and we negate it, we'd end up at INT64_MAX+1, which is outside the range of the int64_t type. Hence let's treat this case specially to avoid unintended overflows.
Diffstat (limited to 'src/basic')
-rw-r--r--src/basic/time-util.h9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/basic/time-util.h b/src/basic/time-util.h
index bf312442b0..c98f95a530 100644
--- a/src/basic/time-util.h
+++ b/src/basic/time-util.h
@@ -189,10 +189,15 @@ static inline usec_t usec_sub_unsigned(usec_t timestamp, usec_t delta) {
}
static inline usec_t usec_sub_signed(usec_t timestamp, int64_t delta) {
+ if (delta == INT64_MIN) { /* prevent overflow */
+ assert_cc(-(INT64_MIN + 1) == INT64_MAX);
+ assert_cc(USEC_INFINITY > INT64_MAX);
+ return usec_add(timestamp, (usec_t) INT64_MAX + 1);
+ }
if (delta < 0)
return usec_add(timestamp, (usec_t) (-delta));
- else
- return usec_sub_unsigned(timestamp, (usec_t) delta);
+
+ return usec_sub_unsigned(timestamp, (usec_t) delta);
}
#if SIZEOF_TIME_T == 8
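Review bot: The second `assert_cc` in the `delta == INT64_MIN` branch checks `USEC_INFINITY > INT64_MAX`, which still admits `USEC_INFINITY == (usec_t) INT64_MAX + 1`, so the value passed to `usec_add()` could in principle be the infinity sentinel itself. Asserting on the value actually used, `assert_cc(USEC_INFINITY > (usec_t) INT64_MAX + 1);`, would pin the invariant the branch relies on. How `usec_add()` treats a delta equal to `USEC_INFINITY` is not visible in this hunk, so this is a tightening rather than a known bug. The `/* prevent overflow */` comment could also state the reason, e.g. `/* -INT64_MIN is not representable in int64_t; negating it is signed overflow (undefined behaviour) */`, so that a later cleanup does not fold this branch back into the `delta < 0` case.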