From 3dd8ee8fa693597663b0338235becbb0b7a9520c Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Thu, 25 Oct 2012 16:16:17 +0200 Subject: [PATCH] util: fix possible integer overflows --- src/shared/util.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/shared/util.c b/src/shared/util.c index 2d4a4c1..e2f8b1f 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -148,6 +148,9 @@ usec_t timespec_load(const struct timespec *ts) { ts->tv_nsec == (long) -1) return (usec_t) -1; + if (USEC_PER_SEC > ((UINT64_MAX - (ts->tv_nsec / NSEC_PER_USEC)) / (usec_t) ts->tv_sec)) + return (usec_t) -1; + return (usec_t) ts->tv_sec * USEC_PER_SEC + (usec_t) ts->tv_nsec / NSEC_PER_USEC; @@ -175,6 +178,9 @@ usec_t timeval_load(const struct timeval *tv) { tv->tv_usec == (suseconds_t) -1) return (usec_t) -1; + if (USEC_PER_SEC > (UINT64_MAX - tv->tv_usec) / (usec_t) tv->tv_sec) + return (usec_t) -1; + return (usec_t) tv->tv_sec * USEC_PER_SEC + (usec_t) tv->tv_usec; -- 1.7.10.4 From 49371bb50e0fe6e9e90309a20006bcfd9e2fa8f4 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Mon, 29 Oct 2012 15:49:34 -0400 Subject: [PATCH] util: avoid divide by zero FPE In early userspace, if kernel initialization happens extremely quickly, a call to systemd-timestamp can potentially result in division by zero. Ensure that the check in timespec_load, which only makes sense if tv_sec is greater than zero, is guarded by this condition. --- src/shared/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/shared/util.c b/src/shared/util.c index e2f8b1f..9a45e60 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -148,7 +148,8 @@ usec_t timespec_load(const struct timespec *ts) { ts->tv_nsec == (long) -1) return (usec_t) -1; - if (USEC_PER_SEC > ((UINT64_MAX - (ts->tv_nsec / NSEC_PER_USEC)) / (usec_t) ts->tv_sec)) + if (ts->tv_sec > 0 && + USEC_PER_SEC > ((UINT64_MAX - (ts->tv_nsec / NSEC_PER_USEC)) / (usec_t) ts->tv_sec)) return (usec_t) -1; return -- 1.7.10.4 
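Review bot: Both added checks divide by the caller-supplied seconds field, so a zero `tv_sec` traps with a division by zero (SIGFPE) before any overflow is detected. This applies to the `timespec_load` hunk and equally to the `timeval_load` hunk. Zero seconds is an ordinary input (any time below one second), so the new guard turns a valid call into a crash. Keeping the divisor constant avoids the trap: `if ((usec_t) ts->tv_sec > (UINT64_MAX - ts->tv_nsec / NSEC_PER_USEC) / USEC_PER_SEC)`, with the matching form using `tv->tv_usec`. Both function bodies start and end outside their hunks.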
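Review bot: The new `ts->tv_sec > 0 &&` guard in `timespec_load` also skips the overflow check for a negative `tv_sec`, which the previous form rejected. Cast to `usec_t`, a negative value became a huge divisor, the quotient fell below `USEC_PER_SEC`, and the function returned `(usec_t) -1`. With the guard, a negative value (assuming `time_t` is signed, as on Linux) reaches the `return` below the hunk, where the cast and multiplication wrap to a large bogus timestamp. If rejecting such input is the intent, add `if (ts->tv_sec < 0) return (usec_t) -1;` ahead of the check. The function continues outside the hunk.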
From fd09c93de9337c3df566180d04368353bb3662e7 Mon Sep 17 00:00:00 2001 From: Michal Schmidt Date: Mon, 29 Oct 2012 21:04:47 +0100 Subject: [PATCH] util: improve overflow checks commit 49371bb fixed the observed division by zero, but missed another occurrence of the same bug. It was also not the optimal fix. We can simply make the divisor a constant by swapping it with the compared value. --- src/shared/util.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/shared/util.c b/src/shared/util.c index 9a45e60..8ec83e4 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -148,8 +148,7 @@ usec_t timespec_load(const struct timespec *ts) { ts->tv_nsec == (long) -1) return (usec_t) -1; - if (ts->tv_sec > 0 && - USEC_PER_SEC > ((UINT64_MAX - (ts->tv_nsec / NSEC_PER_USEC)) / (usec_t) ts->tv_sec)) + if ((usec_t) ts->tv_sec > (UINT64_MAX - (ts->tv_nsec / NSEC_PER_USEC)) / USEC_PER_SEC) return (usec_t) -1; return @@ -179,7 +178,7 @@ usec_t timeval_load(const struct timeval *tv) { tv->tv_usec == (suseconds_t) -1) return (usec_t) -1; - if (USEC_PER_SEC > (UINT64_MAX - tv->tv_usec) / (usec_t) tv->tv_sec) + if ((usec_t) tv->tv_sec > (UINT64_MAX - tv->tv_usec) / USEC_PER_SEC) return (usec_t) -1; return -- 1.7.10.4
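Review bot: The rewritten checks still depend on implicit signed-to-unsigned conversion of the sub-second field. In the `timeval_load` hunk, `UINT64_MAX - tv->tv_usec` converts a negative `tv_usec` (other than the `-1` sentinel) to a value near `UINT64_MAX`, so with `tv_sec == 0` the check passes and that huge value is returned as a time. The `timespec_load` hunk probably has the same weakness with `ts->tv_nsec`, depending on the type of `NSEC_PER_USEC`, which is not visible here. If callers can hand in unnormalised fields, reject them first with `if (tv->tv_usec < 0) return (usec_t) -1;` and the equivalent for `ts->tv_nsec`. A short comment such as `/* divisor is a constant so tv_sec == 0 cannot trap */` would also keep the operand order from being swapped back. Both functions extend outside their hunks.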