diff --git a/CHANGES b/CHANGES
index 2752138eeb..b7231456af 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3295. [bug] Adjust isc_time_secondsastimet range check to be more
+ portable. [RT # 26542]
+
 3294. [bug] isccc/cc.c:table_fromwire failed to free alist on
 error. [RT #28265]
 
diff --git a/lib/isc/unix/time.c b/lib/isc/unix/time.c
index 6bf2e9858e..23574b1af2 100644
--- a/lib/isc/unix/time.c
+++ b/lib/isc/unix/time.c
@@ -334,7 +334,6 @@ isc_time_seconds(const isc_time_t *t) {
 
 isc_result_t
 isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp) {
- isc_uint64_t i;
 time_t seconds;
 
 REQUIRE(t != NULL);
@@ -354,33 +353,16 @@ isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp) {
 * pretty much only true if time_t is a signed integer of the same
 * size as the return value of isc_time_seconds.
 *
- * The use of the 64 bit integer ``i'' takes advantage of C's
- * conversion rules to either zero fill or sign extend the widened
- * type.
- *
- * Solaris 5.6 gives this warning about the left shift:
- * warning: integer overflow detected: op "<<"
- * if the U(nsigned) qualifier is not on the 1.
+ * If the paradox in the if clause below is true, t->seconds is out
+ * of range for time_t.
 */
 seconds = (time_t)t->seconds;
 
 INSIST(sizeof(unsigned int) == sizeof(isc_uint32_t));
 INSIST(sizeof(time_t) >= sizeof(isc_uint32_t));
 
- if (sizeof(time_t) == sizeof(isc_uint32_t) && /* Same size. */
- (time_t)0.5 != 0.5 && /* Not a floating point type. */
- (i = (time_t)-1) != 4294967295u && /* Is signed. */
- (seconds &
- (1U << (sizeof(time_t) * CHAR_BIT - 1))) != 0U) { /* Negative. */
- /*
- * This UNUSED() is here to shut up the IRIX compiler:
- * variable "i" was set but never used
- * when the value of i *was* used in the third test.
- * (Let's hope the compiler got the actual test right.)
- */
- UNUSED(i);
+ if (t->seconds > (~0U>>1) && seconds <= (time_t)(~0U>>1))
 return (ISC_R_RANGE);
- }
 
 *secondsp = seconds;
 
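Review bot: The replacement comment in the second time.c hunk ("If the paradox in the if clause below is true") does not say what the two halves of the new test compare, although the test is only readable once that is known. I would spell it out, e.g. `/* t->seconds is above ~0U>>1 yet the converted value is not: the cast wrapped, so time_t cannot hold it. */`. The test also inspects `seconds` only after `seconds = (time_t)t->seconds` has run, and for a 32-bit signed time_t that out-of-range conversion is implementation-defined in C, so the wrapped negative result is an assumption about the compiler worth stating in the same comment. Because this check is what stops values past the 2038 boundary from being handed back as a negative time_t, a unit test at `0x7fffffff` and `0x80000000` on a 32-bit time_t build would pin the behaviour. The function body starts in the previous hunk and continues past the end of this one.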