fix several places where calculating ticks could overflow.

it's not enough to assign to an unsigned type because if the arithmetic
overflows the compiler may decide to do anything. so change all the
long long casts to uint64_t so that we start with the right type.
reported by Tim Newsham of NCC.
ok deraadt

diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c
index ad89f68..0d9eb78 100644 (file)
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_sig.c,v 1.200 2016/06/27 19:55:02 jca Exp $      */
+/*     $OpenBSD: kern_sig.c,v 1.201 2016/07/06 15:53:01 tedu Exp $     */
 /*     $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $   */
 
 /*
@@ -1720,7 +1720,7 @@ sys___thrsigdivert(struct proc *p, void *v, register_t *retval)
        sigset_t *m;
        sigset_t mask = SCARG(uap, sigmask) &~ sigcantmask;
        siginfo_t si;
-       long long to_ticks = 0;
+       uint64_t to_ticks = 0;
        int timeinvalid = 0;
        int error = 0;
 
@@ -1737,7 +1737,7 @@ sys___thrsigdivert(struct proc *p, void *v, register_t *retval)
                if (ts.tv_nsec < 0 || ts.tv_nsec >= 1000000000)
                        timeinvalid = 1;
                else {
-                       to_ticks = (long long)hz * ts.tv_sec +
+                       to_ticks = (uint64_t)hz * ts.tv_sec +
                            ts.tv_nsec / (tick * 1000);
                        if (to_ticks > INT_MAX)
                                to_ticks = INT_MAX;

diff --git a/sys/kern/kern_synch.c b/sys/kern/kern_synch.c
index d72e0f5..1e3d682 100644 (file)
--- a/sys/kern/kern_synch.c
+++ b/sys/kern/kern_synch.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_synch.c,v 1.132 2016/07/04 16:12:52 tedu Exp $   */
+/*     $OpenBSD: kern_synch.c,v 1.133 2016/07/06 15:53:01 tedu Exp $   */
 /*     $NetBSD: kern_synch.c,v 1.37 1996/04/22 01:38:37 christos Exp $ */
 
 /*
@@ -491,7 +491,7 @@ thrsleep(struct proc *p, struct sys___thrsleep_args *v)
        long ident = (long)SCARG(uap, ident);
        struct timespec *tsp = (struct timespec *)SCARG(uap, tp);
        void *lock = SCARG(uap, lock);
-       unsigned long long to_ticks = 0;
+       uint64_t to_ticks = 0;
        int abort, error;
        clockid_t clock_id = SCARG(uap, clock_id) & 0x7;
        int lockflags = SCARG(uap, clock_id) & 0x8;
@@ -516,7 +516,7 @@ thrsleep(struct proc *p, struct sys___thrsleep_args *v)
                }
 
                timespecsub(tsp, &now, tsp);
-               to_ticks = (long long)hz * tsp->tv_sec +
+               to_ticks = (uint64_t)hz * tsp->tv_sec +
                    (tsp->tv_nsec + tick * 1000 - 1) / (tick * 1000) + 1;
                if (to_ticks > INT_MAX)
                        to_ticks = INT_MAX;

diff --git a/sys/kern/kern_tc.c b/sys/kern/kern_tc.c
index 18f8ecb..948fc26 100644 (file)
--- a/sys/kern/kern_tc.c
+++ b/sys/kern/kern_tc.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_tc.c,v 1.28 2014/12/10 02:44:47 tedu Exp $ */
+/*     $OpenBSD: kern_tc.c,v 1.29 2016/07/06 15:53:01 tedu Exp $ */
 
 /*
  * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
@@ -357,7 +357,7 @@ tc_setclock(struct timespec *ts)
        /* convert the bintime to ticks */
        bintime_sub(&bt, &bt2);
        bintime_add(&naptime, &bt);
-       adj_ticks = (long long)hz * bt.sec +
+       adj_ticks = (uint64_t)hz * bt.sec +
            (((uint64_t)1000000 * (uint32_t)(bt.frac >> 32)) >> 32) / tick;
        if (adj_ticks > 0) {
                if (adj_ticks > INT_MAX)

diff --git a/sys/kern/kern_timeout.c b/sys/kern/kern_timeout.c
index 8862af2..b4ec8cd 100644 (file)
--- a/sys/kern/kern_timeout.c
+++ b/sys/kern/kern_timeout.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_timeout.c,v 1.47 2016/06/23 18:41:44 stefan Exp $        */
+/*     $OpenBSD: kern_timeout.c,v 1.48 2016/07/06 15:53:01 tedu Exp $  */
 /*
  * Copyright (c) 2001 Thomas Nordin <nordin@openbsd.org>
  * Copyright (c) 2000-2001 Artur Grabowski <art@openbsd.org>
@@ -202,9 +202,9 @@ timeout_add(struct timeout *new, int to_ticks)
 int
 timeout_add_tv(struct timeout *to, const struct timeval *tv)
 {
-       long long to_ticks;
+       uint64_t to_ticks;
 
-       to_ticks = (long long)hz * tv->tv_sec + tv->tv_usec / tick;
+       to_ticks = (uint64_t)hz * tv->tv_sec + tv->tv_usec / tick;
        if (to_ticks > INT_MAX)
                to_ticks = INT_MAX;
        if (to_ticks == 0 && tv->tv_usec > 0)
@@ -216,9 +216,9 @@ timeout_add_tv(struct timeout *to, const struct timeval *tv)
 int
 timeout_add_ts(struct timeout *to, const struct timespec *ts)
 {
-       long long to_ticks;
+       uint64_t to_ticks;
 
-       to_ticks = (long long)hz * ts->tv_sec + ts->tv_nsec / (tick * 1000);
+       to_ticks = (uint64_t)hz * ts->tv_sec + ts->tv_nsec / (tick * 1000);
        if (to_ticks > INT_MAX)
                to_ticks = INT_MAX;
        if (to_ticks == 0 && ts->tv_nsec > 0)
@@ -230,9 +230,9 @@ timeout_add_ts(struct timeout *to, const struct timespec *ts)
 int
 timeout_add_bt(struct timeout *to, const struct bintime *bt)
 {
-       long long to_ticks;
+       uint64_t to_ticks;
 
-       to_ticks = (long long)hz * bt->sec + (long)(((uint64_t)1000000 *
+       to_ticks = (uint64_t)hz * bt->sec + (long)(((uint64_t)1000000 *
            (uint32_t)(bt->frac >> 32)) >> 32) / tick;
        if (to_ticks > INT_MAX)
                to_ticks = INT_MAX;
@@ -245,9 +245,9 @@ timeout_add_bt(struct timeout *to, const struct bintime *bt)
 int
 timeout_add_sec(struct timeout *to, int secs)
 {
-       long long to_ticks;
+       uint64_t to_ticks;
 
-       to_ticks = (long long)hz * secs;
+       to_ticks = (uint64_t)hz * secs;
        if (to_ticks > INT_MAX)
                to_ticks = INT_MAX;
 
@@ -257,9 +257,9 @@ timeout_add_sec(struct timeout *to, int secs)
 int
 timeout_add_msec(struct timeout *to, int msecs)
 {
-       long long to_ticks;
+       uint64_t to_ticks;
 
-       to_ticks = (long long)msecs * 1000 / tick;
+       to_ticks = (uint64_t)msecs * 1000 / tick;
        if (to_ticks > INT_MAX)
                to_ticks = INT_MAX;
        if (to_ticks == 0 && msecs > 0)