s3:lib: Fix possible 32-bit arithmetic overflow

Reported by covscan.

Potentially overflowing expression "glue->gtimeout * 1000" with type "int"
(32 bits, signed) is evaluated using 32-bit arithmetic, and then used in
a context that expects an expression of type "uint64_t" (64 bits, unsigned).

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Mar  5 08:04:28 UTC 2022 on sn-devel-184

diff --git a/source3/lib/tevent_glib_glue.c b/source3/lib/tevent_glib_glue.c
index b83f2036d9aa823159189e598c1194d77e5cc1f3..1e1d62e585c0d0e3a81681de28bf22bc8a53accf 100644 (file)
--- a/source3/lib/tevent_glib_glue.c
+++ b/source3/lib/tevent_glib_glue.c
@@ -538,7 +538,6 @@ static bool get_glib_fds_and_timeout(struct tevent_glib_glue *glue)
 
 static bool tevent_glib_update_events(struct tevent_glib_glue *glue)
 {
-       uint64_t microsec;
        struct timeval tv;
        bool ok;
 
@@ -580,9 +579,8 @@ static bool tevent_glib_update_events(struct tevent_glib_glue *glue)
                return true;
        }
 
-       microsec = glue->gtimeout * 1000;
-       tv = tevent_timeval_current_ofs(microsec / 1000000,
-                                       microsec % 1000000);
+       tv = tevent_timeval_current_ofs(glue->gtimeout / 1000,
+                                       (glue->gtimeout % 1000) * 1000);
 
        glue->timer = tevent_add_timer(glue->ev,
                                       glue,