ts2timo(9): refactor TIMER_ABSTIME handling

- only use *start for output of the original time. for clarity purposes, use the temporary variable for everything else. - add a check for integer underflow Reported-by: syzbot+17b5072d5ed262a966d3@syzkaller.appspotmail.com
2021-03-18 14:01:18 +00:00 · 2021-03-18 14:01:18 +00:00 · 6f5e84c071
parent a95db40612
commit 6f5e84c071
1 changed files with 12 additions and 9 deletions
--- a/sys/kern/subr_time.c
+++ b/sys/kern/subr_time.c
@ -1,4 +1,4 @@
-/*	$NetBSD: subr_time.c,v 1.28 2021/03/18 13:45:15 nia Exp $	*/
+/*	$NetBSD: subr_time.c,v 1.29 2021/03/18 14:01:18 nia Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1989, 1993
@ -33,7 +33,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.28 2021/03/18 13:45:15 nia Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.29 2021/03/18 14:01:18 nia Exp $");

 #include <sys/param.h>
 #include <sys/kernel.h>
@ -332,17 +332,20 @@ ts2timo(clockid_t clock_id, int flags, struct timespec *ts,
 	if (ts->tv_nsec < 0 || ts->tv_nsec >= 1000000000L)
 		return EINVAL;

-	if (start == NULL)
-		start = &tsd;
-
-	if (flags != TIMER_RELTIME || start != &tsd) {
-		error = clock_gettime1(clock_id, start);
+	if (flags == TIMER_ABSTIME || start != NULL) {
+		error = clock_gettime1(clock_id, &tsd);
 		if (error != 0)
 			return error;
+		if (start != NULL)
+			*start = tsd;
 	}

-	if (flags != TIMER_RELTIME)
-		timespecsub(ts, start, ts);
+	if (flags == TIMER_ABSTIME) {
+		if ((tsd.tv_sec > 0 && ts->tv_sec < LLONG_MIN + tsd.tv_sec) ||
+		    (tsd.tv_sec < 0 && ts->tv_sec > LLONG_MAX + tsd.tv_sec))
+			return EINVAL;
+		timespecsub(ts, &tsd, ts);
+	}

 	error = itimespecfix(ts);
 	if (error != 0)