xfs_io: fix integer over/underflow handling in timespec_from_string

When we're filling out the struct timespec, make sure we detect when the
string value cannot be represented by a (potentially 32-bit) seconds
field in struct timespec.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>

diff --git a/libxcmd/input.c b/libxcmd/input.c
index d232d4f3547dbcafa40e081503b159ecf662314a..137856e3b320d0410b57d648afad8b6e61fe8f35 100644 (file)
--- a/libxcmd/input.c
+++ b/libxcmd/input.c
@@ -183,19 +183,30 @@ timestr(
 
 int
 timespec_from_string(
-       const char      * secs,
-       const char      * nsecs,
-       struct timespec * ts)
+       const char              *secs,
+       const char              *nsecs,
+       struct timespec         *ts)
 {
-       char* p;
+       char                    *p;
+       unsigned long long int  ll;
+
        if (!secs || !nsecs || !ts)
                return 1;
-       ts->tv_sec = strtoull(secs, &p, 0);
+
+       ll = strtoull(secs, &p, 0);
        if (*p)
                return 1;
-       ts->tv_nsec = strtoull(nsecs, &p, 0);
+       ts->tv_sec = ll;
+       if ((unsigned long long int)ts->tv_sec != ll)
+               return 1;
+
+       ll = strtoull(nsecs, &p, 0);
        if (*p)
                return 1;
+       ts->tv_nsec = ll;
+       if ((unsigned long long int)ts->tv_nsec != ll)
+               return 1;
+
        return 0;
 }