Apply upstream commit 943a6621866e9d6e654f5cfe1494378c1fb8957a.

Author: Paul Eggert <eggert@cs.ucla.edu> Date: Thu Aug 22 12:47:51 2013 -0700 * localtime.c: Fix another integer overflow bug in mktime. (time2sub): Avoid undefined behavior on time_t overflow. Reported by Elliott Hughes in <http://mm.icann.org/pipermail/tz/2013-August/019580.html>. Bug: 10310929 Change-Id: I3bf26f1f91371552e0a3828457d27e22af55acb2
2013-08-22 14:13:50 -07:00 · 2013-08-22 14:13:50 -07:00 · 713fe6463e
commit 713fe6463e
parent c44205cf71
3 changed files with 14 additions and 6 deletions
--- a/libc/Android.mk
+++ b/libc/Android.mk
@ -717,8 +717,6 @@ LOCAL_CFLAGS := \
    -DTZDIR=\"/system/usr/share/zoneinfo\" \
    -DTM_GMTOFF=tm_gmtoff \
    -DUSG_COMPAT=1
-# tzcode currently relies on signed overflow in numerous places (http://b/10310929).
-LOCAL_CFLAGS += -fno-strict-overflow
 LOCAL_C_INCLUDES := $(libc_common_c_includes)
 LOCAL_MODULE := libc_tzcode
 LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
--- a/libc/tzcode/localtime.c
+++ b/libc/tzcode/localtime.c
@ -1812,14 +1812,14 @@ time2sub(struct tm * const tmp,
        } else  dir = tmcomp(&mytm, &yourtm);
        if (dir != 0) {
            if (t == lo) {
-                ++t;
-                if (t <= lo)
+                if (t == time_t_max)
                    return WRONG;
+                ++t;
                ++lo;
            } else if (t == hi) {
-                --t;
-                if (t >= hi)
+                if (t == time_t_min)
                    return WRONG;
+                --t;
                --hi;
            }
            if (lo > hi)
--- a/libc/tzcode/private.h
+++ b/libc/tzcode/private.h
@ -304,6 +304,16 @@ const char *	scheck(const char * string, const char * format);
 #define TYPE_SIGNED(type) (((type) -1) < 0)
 #endif /* !defined TYPE_SIGNED */

+/* The minimum and maximum finite time values.  */
+static time_t const time_t_min =
+  (TYPE_SIGNED(time_t)
+   ? (time_t) -1 << (CHAR_BIT * sizeof (time_t) - 1)
+   : 0);
+static time_t const time_t_max =
+  (TYPE_SIGNED(time_t)
+   ? - (~ 0 < 0) - ((time_t) -1 << (CHAR_BIT * sizeof (time_t) - 1))
+   : -1);
+
 /*
 ** Since the definition of TYPE_INTEGRAL contains floating point numbers,
 ** it cannot be used in preprocessor directives.