Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Fix potential overflow problem with timevals #646
When comparing a null timeval with a current timeval using curlx_tvdiff on a 32-bit linux system there's an overflow happening.
Compiling with -fsanitize=undefined I get this warning on startup of our app using libcurl:
.../curl/lib/timeval.c:120:37: runtime error: signed integer overflow: 5873565 * 1000 cannot be represented in type 'long int'
The attached fix solves the problem by checking for a null timeval before comparing. Strictly speaking the function probably should return something that's guaranteed to be 64-bit but the majority of the usecases actually cast the result to an int and basically just compares two timevals that are close together so I decided against making a bigger change.
Good catch! But since we use the *_tvdiff() function in quite a large number of places, maybe it would be better to fix that function to not do overflows? I'm thinking like this: