authorEric Lubin <eric@lubin.us>2013-12-10 20:01:07 -0800
committerDaniel Stenberg <daniel@haxx.se>2013-12-11 16:32:21 +0100
commit7246dffff5c7d046c7558ca6bf35781a2fe58ee9 (patch)
tree0e20082a52a52eba1110ee0597853207e67a4008
parent41d21e460fc0455c01577ea5d88d89fdfe216a10 (diff)
parsedate: avoid integer overflow
In C, signed integer overflow is undefined behavior, so the compiler is allowed to assume that it will not occur. In the check for an overflow, the developer assumes that the signed integer of type time_t will wrap around if it overflows. However, this behavior is undefined in the C standard. When the compiler sees this, it simplifies t + delta < t to delta < 0. Since delta > 0 and delta < 0 can't both be true, the entire if statement is optimized out under certain optimization levels. As a result, the parsedate function would return PARSEDATE_OK with an undefined value in the time, instead of returning -1 = PARSEDATE_FAIL.
-rw-r--r--lib/parsedate.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/parsedate.c b/lib/parsedate.c
index 1ddd0080a..0262f13aa 100644
--- a/lib/parsedate.c
+++ b/lib/parsedate.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -526,7 +526,7 @@ static int parsedate(const char *date, time_t *output)
/* Add the time zone diff between local time zone and GMT. */
long delta = (long)(tzoff!=-1?tzoff:0);
- if((delta>0) && (t + delta < t))
+ if((delta>0) && (t > LONG_MAX - delta))
return -1; /* time_t overflow */
t += delta;