From be3dc7223a6d75587e26f8b8d6d56920841e44b6 Mon Sep 17 00:00:00 2001
From: Stijn Tintel <stijn@linux-ipv6.be>
Date: Thu, 4 Nov 2021 01:17:39 +0200
Subject: uloop: avoid integer overflow in tv_diff

The tv_diff function can potentially overflow as soon as t2->tv_sec is
larger than 2147483. This is very easily hit in ujail, after only
2147484 seconds of uptime, or 24.85 days.

Improve the behaviour by changing the return type to int64_t.

Fixes: FS#3943
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
---
 uloop.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'uloop.c')

diff --git a/uloop.c b/uloop.c
index 8517366..2972727 100644
--- a/uloop.c
+++ b/uloop.c
@@ -249,7 +249,7 @@ int uloop_fd_delete(struct uloop_fd *fd)
 	return __uloop_fd_delete(fd);
 }
 
-static int tv_diff(struct timeval *t1, struct timeval *t2)
+static int64_t tv_diff(struct timeval *t1, struct timeval *t2)
 {
 	return
 		(t1->tv_sec - t2->tv_sec) * 1000 +
@@ -317,7 +317,7 @@ int uloop_timeout_cancel(struct uloop_timeout *timeout)
 	return 0;
 }
 
-int uloop_timeout_remaining(struct uloop_timeout *timeout)
+int64_t uloop_timeout_remaining(struct uloop_timeout *timeout)
 {
 	struct timeval now;
 
@@ -477,7 +477,7 @@ static void uloop_setup_signals(bool add)
 static int uloop_get_next_timeout(struct timeval *tv)
 {
 	struct uloop_timeout *timeout;
-	int diff;
+	int64_t diff;
 
 	if (list_empty(&timeouts))
 		return -1;
-- 
cgit v1.2.3