authorteor (Tim Wilson-Brown) <teor2345@gmail.com>2016-06-29 12:53:50 +1000
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>2016-06-29 12:53:50 +1000
commit2e51608a8b7d883f5e187ccc83ed871e248442c2 (patch)
tree512f9157470479a11ce31a8c0c3f1e0fe5dd3f67 /src/common/util.c
parentf42dbc4e263d3c5f9021d062c5ea0d3cfa29d47b (diff)
Fix an integer overflow bug in the tv_mdiff range check
The temporary second used for rounding can cause overflow, depending on the order in which the compiler performs the operations.
Diffstat (limited to 'src/common/util.c')
-rw-r--r--src/common/util.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/common/util.c b/src/common/util.c
index 4b6df81b7d..44994fb9c3 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1394,6 +1394,7 @@ tv_udiff(const struct timeval *start, const struct timeval *end)
long udiff;
long secdiff = end->tv_sec - start->tv_sec;
+ /* end->tv_usec - start->tv_usec can be up to 1 second */
if (labs(secdiff)+1 > LONG_MAX/1000000) {
log_warn(LD_GENERAL, "comparing times on microsecond detail too far "
"apart: %ld seconds", secdiff);
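Review bot: The bound in the new comment holds only if both tv_usec fields are normalised to 0..999999, and nothing visible in this hunk checks that. A timeval with an out-of-range tv_usec would push the microsecond difference past one second, so the `+1` margin in the range check would no longer cover it. Either state the precondition in the comment, e.g. `/* assumes 0 <= tv_usec < 1000000 in both arguments, so the usec difference is under 1 second */`, or reject out-of-range tv_usec values before the range check. The same assumption sits behind the comment added in tv_mdiff; tv_udiff continues outside the hunk, so such a check may already exist there.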
@@ -1412,7 +1413,9 @@ tv_mdiff(const struct timeval *start, const struct timeval *end)
long mdiff;
long secdiff = end->tv_sec - start->tv_sec;
- if (labs(secdiff)+1 > LONG_MAX/1000) {
+ /* end->tv_usec - start->tv_usec can be up to 1 second,
+ * but the mdiff calculation adds another temporary second */
+ if (labs(secdiff)+2 > LONG_MAX/1000) {
log_warn(LD_GENERAL, "comparing times on millisecond detail too far "
"apart: %ld seconds", secdiff);
return LONG_MAX;
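Review bot: The guard `labs(secdiff)+2 > LONG_MAX/1000` can itself overflow. When secdiff is at or next to LONG_MAX in magnitude the sum exceeds LONG_MAX, and `labs(LONG_MIN)` is undefined, so the check is undefined behaviour for the most extreme inputs it is meant to reject. Moving the constant to the other side keeps the comparison in range: `if (secdiff == LONG_MIN || labs(secdiff) > LONG_MAX/1000 - 2) {`. The unchanged `labs(secdiff)+1` check in tv_udiff has the same shape and would take the equivalent `LONG_MAX/1000000 - 1` form. tv_mdiff's body continues past the end of the hunk.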