Re: [Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-03-04 Thread Steffan Karger
Hi, On 01-03-18 05:15, Selva Nair wrote: > We can avoid all overflow and eliminate the check and the ASSERT > by writing it as > > time_t wakeup = (et->last - local_now) + et->n; // parens added for clarity > > For the first subtraction to overflow, last and now have to differ by >> INT_MAX

Re: [Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-02-28 Thread Selva Nair
Hi, On Tue, Jan 2, 2018 at 5:28 PM, Steffan Karger wrote: > As reported in trac #922, the wakeup computation in > event_timeout_trigger() could overflow. Since time_t and int are signed > types, that is officially undefined behaviour. > > On systems with a 64-bit signed

Re: [Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-02-24 Thread Steffan Karger
Hi, On 23-02-18 00:02, Selva Nair wrote: > On Thu, Feb 22, 2018 at 5:37 PM, Selva Nair wrote: >>> +/** Return true if the addition of a and b would overflow. */ >>> +static inline bool >>> +time_t_add_overflow(time_t a, time_t b) { >>> +static_assert(((time_t) -1) < 0,

Re: [Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-02-22 Thread Selva Nair
Hi, On Thu, Feb 22, 2018 at 5:37 PM, Selva Nair wrote: >> +/** Return true if the addition of a and b would overflow. */ >> +static inline bool >> +time_t_add_overflow(time_t a, time_t b) { >> +static_assert(((time_t) -1) < 0, "OpenVPN assumes time_t is signed"); >> +

Re: [Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-02-22 Thread Selva Nair
Hi, This just caught my fancy :) On Tue, Jan 2, 2018 at 5:28 PM, Steffan Karger wrote: > As reported in trac #922, the wakeup computation in > event_timeout_trigger() could overflow. Since time_t and int are signed > types, that is officially undefined behaviour. > > On

[Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-01-02 Thread Steffan Karger
As reported in trac #922, the wakeup computation in event_timeout_trigger() could overflow. Since time_t and int are signed types, that is officially undefined behaviour. On systems with a 64-bit signed time_t (most if not all 64-bit system), the overflow was caused by the (unnecessary) cast to
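The thread above discusses two ways to keep the wakeup computation in event_timeout_trigger() free of signed-overflow undefined behaviour: Steffan Karger's patch guards the addition with a time_t_add_overflow() helper, and Selva Nair proposes reordering the expression as (et->last - local_now) + et->n so the intermediate stays small for any realistic clock values. The following is an added example written for this page, not OpenVPN's code and not the patch itself. It assumes time_t is a signed two's-complement integer (the patch only static_asserts signedness), and the functions wakeup_add_first() and wakeup_sub_first() and the TIME_T_MAX/TIME_T_MIN macros are hypothetical names chosen here. The overflow checks are written so that no operation inside them can itself overflow:

```c
/* Added example (not OpenVPN code): UB-free overflow checks for signed
 * time_t arithmetic, and the two orderings of the timer wakeup computation
 * discussed on openvpn-devel. Assumes time_t is a signed two's-complement
 * integer type. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Largest and smallest representable time_t (assumes two's complement).
 * Hypothetical macro names, not from OpenVPN. */
#define TIME_T_MAX ((time_t)(((uintmax_t)1 << (sizeof(time_t) * CHAR_BIT - 1)) - 1))
#define TIME_T_MIN ((time_t)(-TIME_T_MAX - 1))

/* Return true if a + b would overflow. TIME_T_MAX - b (b > 0) and
 * TIME_T_MIN - b (b < 0) are always in range, so the check has no UB. */
static inline bool
time_t_add_overflow(time_t a, time_t b)
{
    if (b > 0) {
        return a > TIME_T_MAX - b;
    }
    if (b < 0) {
        return a < TIME_T_MIN - b;
    }
    return false;
}

/* Return true if a - b would overflow, with the same in-range reasoning. */
static inline bool
time_t_sub_overflow(time_t a, time_t b)
{
    if (b > 0) {
        return a < TIME_T_MIN + b;
    }
    if (b < 0) {
        return a > TIME_T_MAX + b;
    }
    return false;
}

/* Ordering 1 (the one the patch guards): last + n first, then subtract now.
 * Returns false instead of overflowing. Hypothetical helper. */
bool
wakeup_add_first(time_t last, time_t now, int n, time_t *wakeup)
{
    if (time_t_add_overflow(last, (time_t)n)) {
        return false;
    }
    time_t deadline = last + (time_t)n;
    if (time_t_sub_overflow(deadline, now)) {
        return false;
    }
    *wakeup = deadline - now;
    return true;
}

/* Ordering 2 (the reordering proposed in the thread): (last - now) + n.
 * The subtraction can only overflow if last and now are astronomically far
 * apart; this example still checks it rather than assuming. */
bool
wakeup_sub_first(time_t last, time_t now, int n, time_t *wakeup)
{
    if (time_t_sub_overflow(last, now)) {
        return false;
    }
    time_t delta = last - now;   /* negative when last is in the past */
    if (time_t_add_overflow(delta, (time_t)n)) {
        return false;
    }
    *wakeup = delta + (time_t)n;
    return true;
}

int
main(void)
{
    /* Constructed input: a timer whose 'last' sits 5 seconds below TIME_T_MAX
     * and a 'now' 2 seconds later. Both orderings should agree on wakeup = 8,
     * but last + n overflows in ordering 1 while ordering 2 stays in range. */
    time_t last = TIME_T_MAX - 5;
    time_t now  = TIME_T_MAX - 3;
    int n = 10;
    time_t w;

    printf("add-first: %s\n", wakeup_add_first(last, now, n, &w) ? "ok" : "overflow");
    if (wakeup_sub_first(last, now, n, &w)) {
        printf("sub-first: wakeup = %lld\n", (long long)w);
    }
    return 0;
}
```

The checks here are portable C; on GCC and Clang the same tests can be written with `__builtin_add_overflow()` / `__builtin_sub_overflow()`, which also avoid undefined behaviour and additionally return the wrapped result.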