From: Wolfgang Stöggl Date: Fri, 1 Apr 2022 17:14:49 +0000 (+0200) Subject: Fix unsigned integer overflow in rrdtool first X-Git-Tag: v1.9.0~32^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b74a0d64e00770384d025e40becdb2ed83c04c0c;p=thirdparty%2Frrdtool-1.x.git Fix unsigned integer overflow in rrdtool first This fixes a signed/unsigned conversion bug in the calculation of "then". Background info: pdp_cnt and pdp_step are both unsigned long, whereas timer is signed. When multiplying signed and unsigned integers (same size), a signed is implicitly typecast to unsigned. - A similar fix has already been applied to rrd_dump.c in commit e193975 - Resolves #1140 --- diff --git a/src/rrd_first.c b/src/rrd_first.c index 0e93397c..a696c5c3 100644 --- a/src/rrd_first.c +++ b/src/rrd_first.c @@ -113,7 +113,8 @@ time_t rrd_first_r( then = (rrd.live_head->last_up - rrd.live_head->last_up % (rrd.rra_def[rraindex].pdp_cnt * rrd.stat_head->pdp_step)) + - (timer * rrd.rra_def[rraindex].pdp_cnt * rrd.stat_head->pdp_step); + (timer * (long) rrd.rra_def[rraindex].pdp_cnt * + (long) rrd.stat_head->pdp_step); err_close: rrd_close(rrd_file); err_free: