From 713fe6463e6ff8cb9689aa8ead88c885d25d03aa Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Thu, 22 Aug 2013 14:13:50 -0700 Subject: [PATCH] Apply upstream commit 943a6621866e9d6e654f5cfe1494378c1fb8957a. Author: Paul Eggert Date: Thu Aug 22 12:47:51 2013 -0700 * localtime.c: Fix another integer overflow bug in mktime. (time2sub): Avoid undefined behavior on time_t overflow. Reported by Elliott Hughes in . Bug: 10310929 Change-Id: I3bf26f1f91371552e0a3828457d27e22af55acb2 --- libc/Android.mk | 2 -- libc/tzcode/localtime.c | 8 ++++---- libc/tzcode/private.h | 10 ++++++++++ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/libc/Android.mk b/libc/Android.mk index af308cb8c..cfc124cae 100644 --- a/libc/Android.mk +++ b/libc/Android.mk @@ -717,8 +717,6 @@ LOCAL_CFLAGS := \ -DTZDIR=\"/system/usr/share/zoneinfo\" \ -DTM_GMTOFF=tm_gmtoff \ -DUSG_COMPAT=1 -# tzcode currently relies on signed overflow in numerous places (http://b/10310929). -LOCAL_CFLAGS += -fno-strict-overflow LOCAL_C_INCLUDES := $(libc_common_c_includes) LOCAL_MODULE := libc_tzcode LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk diff --git a/libc/tzcode/localtime.c b/libc/tzcode/localtime.c index d1b49e5c0..b23eca468 100644 --- a/libc/tzcode/localtime.c +++ b/libc/tzcode/localtime.c @@ -1812,14 +1812,14 @@ time2sub(struct tm * const tmp, } else dir = tmcomp(&mytm, &yourtm); if (dir != 0) { if (t == lo) { - ++t; - if (t <= lo) + if (t == time_t_max) return WRONG; + ++t; ++lo; } else if (t == hi) { - --t; - if (t >= hi) + if (t == time_t_min) return WRONG; + --t; --hi; } if (lo > hi) diff --git a/libc/tzcode/private.h b/libc/tzcode/private.h index a31a26e16..1a938a2ac 100644 --- a/libc/tzcode/private.h +++ b/libc/tzcode/private.h @@ -304,6 +304,16 @@ const char * scheck(const char * string, const char * format); #define TYPE_SIGNED(type) (((type) -1) < 0) #endif /* !defined TYPE_SIGNED */ +/* The minimum and maximum finite time values. */ +static time_t const time_t_min = + (TYPE_SIGNED(time_t) + ? (time_t) -1 << (CHAR_BIT * sizeof (time_t) - 1) + : 0); +static time_t const time_t_max = + (TYPE_SIGNED(time_t) + ? - (~ 0 < 0) - ((time_t) -1 << (CHAR_BIT * sizeof (time_t) - 1)) + : -1); + /* ** Since the definition of TYPE_INTEGRAL contains floating point numbers, ** it cannot be used in preprocessor directives.