Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 8 Oct 2015 19:47:27 -0400
From: Rich Felker <>
Subject: Re: Signed integer overflow in __secs_to_tm

On Wed, Oct 07, 2015 at 12:22:53PM +0200, Szabolcs Nagy wrote:
> * Brian Mastenbrook <> [2015-10-06 19:09:45 -0500]:
> > __secs_to_tm (used by gmtime_r et al) may invoke undefined
> > behavior due to signed integer overflow in two places. At
> > __secs_to_tm.c:58, 400*qc_cycles may overflow. At
> > __secs_to_tm.c:63, there is a nonsensical comparison between an
> > already overflowed value and INT_MAX or INT_MIN; the compiler will
> > delete this test due to overflow. Here are some example values
> > that provoke the overflow:
> > 
> i think that computation was supposed to be done
> with long longs and then the comparision is
> sensical and both problems go away.
> can you try the attached patch?

It looks good to me. I'm applying it. Thanks!


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.