From f6a178e91dd5fccf43f659eca887788fd5dcdccf Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 23 Oct 2018 22:24:16 +0900
Subject: [PATCH] util: check overflow in parse_nsec()

---
 src/basic/time-util.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index e24eef4082b..4d297394e2a 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -1194,12 +1194,22 @@ int parse_nsec(const char *t, nsec_t *nsec) {
 
                 for (i = 0; i < ELEMENTSOF(table); i++)
                         if (startswith(e, table[i].suffix)) {
-                                nsec_t k = (nsec_t) z * table[i].nsec;
+                                nsec_t k;
+
+                                k = ((nsec_t) -1) / table[i].nsec;
+                                if ((nsec_t) l + 1 >= k || (nsec_t) z >= k)
+                                        return -ERANGE;
+
+                                k = (nsec_t) z * table[i].nsec;
 
                                 for (; n > 0; n--)
                                         k /= 10;
 
-                                r += (nsec_t) l * table[i].nsec + k;
+                                k += (nsec_t) l * table[i].nsec;
+                                if (k >= ((nsec_t) -1) - r)
+                                        return -ERANGE;
+
+                                r += k;
                                 p = e + strlen(table[i].suffix);
 
                                 something = true;
-- 
2.47.3