mktime: fix unlikely race+overflow bug

Problem reported by Alexandre Oliva in:
https://sourceware.org/bugzilla/show_bug.cgi?id=16346
* lib/mktime.c (__mktime_internal): Access *OFFSET only once,
to avoid an unlikely race if the compiler delays a load and
if this cascades into a signed integer overflow.

diff --git a/ChangeLog b/ChangeLog
index 1ad42cd98acd58c4605717b66eb80d774043444b..de712d8ce9d147a93a6e29c7594fe94e8db1a665 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2018-09-02  Paul Eggert  <eggert@cs.ucla.edu>
+
+       mktime: fix unlikely race+overflow bug
+       Problem reported by Alexandre Oliva in:
+       https://sourceware.org/bugzilla/show_bug.cgi?id=16346
+       * lib/mktime.c (__mktime_internal): Access *OFFSET only once,
+       to avoid an unlikely race if the compiler delays a load and
+       if this cascades into a signed integer overflow.
+
 2018-08-31  Paul Eggert  <eggert@cs.ucla.edu>
 
        mktime, timegm: simplify glibc time64_t

diff --git a/lib/mktime.c b/lib/mktime.c
index a307671feb33bea1205ee0318652e6f3852661fd..1a332e14aa0bab4127cb54ea509858040de8f627 100644 (file)
--- a/lib/mktime.c
+++ b/lib/mktime.c
@@ -394,6 +394,7 @@ __mktime_internal (struct tm *tp,
   long_int lmday = mday;
   long_int yday = mon_yday + lmday;
 
+  mktime_offset_t off = *offset;
   int negative_offset_guess;
 
   int sec_requested = sec;
@@ -411,7 +412,7 @@ __mktime_internal (struct tm *tp,
   /* Invert CONVERT by probing.  First assume the same offset as last
      time.  */
 
-  INT_SUBTRACT_WRAPV (0, *offset, &negative_offset_guess);
+  INT_SUBTRACT_WRAPV (0, off, &negative_offset_guess);
   t0 = ydhms_diff (year, yday, hour, min, sec,
                   EPOCH_YEAR - TM_YEAR_BASE, 0, 0, 0, negative_offset_guess);