3295. [bug] Adjust isc_time_secondsastimet range check to be more

portable. [RT # 26542]

CHANGES

@@ -1,3 +1,6 @@
+3295.	[bug]		Adjust isc_time_secondsastimet range check to be more
+			portable. [RT # 26542]
+
 3294.	[bug]		isccc/cc.c:table_fromwire failed to free alist on
 			error. [RT #28265]
 

lib/isc/unix/time.c

@@ -334,7 +334,6 @@ isc_time_seconds(const isc_time_t *t) {
 
 isc_result_t
 isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp) {
-	isc_uint64_t i;
 	time_t seconds;
 
 	REQUIRE(t != NULL);
@@ -354,33 +353,16 @@ isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp) {
 	 * pretty much only true if time_t is a signed integer of the same
 	 * size as the return value of isc_time_seconds.
 	 *
-	 * The use of the 64 bit integer ``i'' takes advantage of C's
-	 * conversion rules to either zero fill or sign extend the widened
-	 * type.
-	 *
-	 * Solaris 5.6 gives this warning about the left shift:
-	 *	warning: integer overflow detected: op "<<"
-	 * if the U(nsigned) qualifier is not on the 1.
+	 * If the paradox in the if clause below is true, t->seconds is out
+	 * of range for time_t.
 	 */
 	seconds = (time_t)t->seconds;
 
 	INSIST(sizeof(unsigned int) == sizeof(isc_uint32_t));
 	INSIST(sizeof(time_t) >= sizeof(isc_uint32_t));
 
-	if (sizeof(time_t) == sizeof(isc_uint32_t) &&	       /* Same size. */
-	    (time_t)0.5 != 0.5 &&	       /* Not a floating point type. */
-	    (i = (time_t)-1) != 4294967295u &&		       /* Is signed. */
-	    (seconds &
-	     (1U << (sizeof(time_t) * CHAR_BIT - 1))) != 0U) {   /* Negative. */
-		/*
-		 * This UNUSED() is here to shut up the IRIX compiler:
-		 *	variable "i" was set but never used
-		 * when the value of i *was* used in the third test.
-		 * (Let's hope the compiler got the actual test right.)
-		 */
-		UNUSED(i);
+	if (t->seconds > (~0U>>1) && seconds <= (time_t)(~0U>>1)) 
 		return (ISC_R_RANGE);
-	}
 
 	*secondsp = seconds;