Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu Aug 22 12:47:51 2013 -0700
* localtime.c: Fix another integer overflow bug in mktime.
(time2sub): Avoid undefined behavior on time_t overflow.
Reported by Elliott Hughes in
<http://mm.icann.org/pipermail/tz/2013-August/019580.html>.
Bug:
10310929
Change-Id: I3bf26f1f91371552e0a3828457d27e22af55acb2
-DTZDIR=\"/system/usr/share/zoneinfo\" \
-DTM_GMTOFF=tm_gmtoff \
-DUSG_COMPAT=1
-# tzcode currently relies on signed overflow in numerous places (http://b/10310929).
-LOCAL_CFLAGS += -fno-strict-overflow
LOCAL_C_INCLUDES := $(libc_common_c_includes)
LOCAL_MODULE := libc_tzcode
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
} else dir = tmcomp(&mytm, &yourtm);
if (dir != 0) {
if (t == lo) {
- ++t;
- if (t <= lo)
+ if (t == time_t_max)
return WRONG;
+ ++t;
++lo;
} else if (t == hi) {
- --t;
- if (t >= hi)
+ if (t == time_t_min)
return WRONG;
+ --t;
--hi;
}
if (lo > hi)
#define TYPE_SIGNED(type) (((type) -1) < 0)
#endif /* !defined TYPE_SIGNED */
+/* The minimum and maximum finite time values. */
+static time_t const time_t_min =
+ (TYPE_SIGNED(time_t)
+ ? (time_t) -1 << (CHAR_BIT * sizeof (time_t) - 1)
+ : 0);
+static time_t const time_t_max =
+ (TYPE_SIGNED(time_t)
+ ? - (~ 0 < 0) - ((time_t) -1 << (CHAR_BIT * sizeof (time_t) - 1))
+ : -1);
+
/*
** Since the definition of TYPE_INTEGRAL contains floating point numbers,
** it cannot be used in preprocessor directives.
OSDN Git Service
