On 08/22/13 11:35, enh wrote:
looking at the Android AOSP git history, it looks like we found and fixed this bug years ago but never talked to upstream about it:
Thanks for the heads-up. If I understand all those patches aright, the following patch (which I've pushed to the experimental github repository) should fix things. I've fixed some other integer-overflow issues in the past few months, but I missed this one (and there are probably others I've missed).
From 943a6621866e9d6e654f5cfe1494378c1fb8957a Mon Sep 17 00:00:00 2001 From: Paul Eggert <eggert@cs.ucla.edu> Date: Thu, 22 Aug 2013 12:47:51 -0700 Subject: [PATCH] * localtime.c: Fix another integer overflow bug in mktime.
(time2sub): Avoid undefined behavior on time_t overflow. Reported by Elliott Hughes in <http://mm.icann.org/pipermail/tz/2013-August/019580.html>. --- localtime.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/localtime.c b/localtime.c index f58b20a..a0a4e5e 100644 --- a/localtime.c +++ b/localtime.c @@ -1789,14 +1789,14 @@ time2sub(struct tm *const tmp, } else dir = tmcomp(&mytm, &yourtm); if (dir != 0) { if (t == lo) { - ++t; - if (t <= lo) + if (t == time_t_max) return WRONG; + ++t; ++lo; } else if (t == hi) { - --t; - if (t >= hi) + if (t == time_t_min) return WRONG; + --t; --hi; } if (lo > hi) -- 1.7.11.7