We are about to switch to a new data type for time stamps that is definitely not smaller or equal, but larger or equal to time_t. So before using the system functions to process or format timestamps, let's make extra certain that they can handle what we feed them. Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx> --- date.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/date.c b/date.c index 92ab31aa441..63fa99685e2 100644 --- a/date.c +++ b/date.c @@ -46,7 +46,17 @@ static time_t gm_time_t(timestamp_t time, int tz) minutes = tz < 0 ? -tz : tz; minutes = (minutes / 100)*60 + (minutes % 100); minutes = tz < 0 ? -minutes : minutes; - return time + minutes * 60; + + if (minutes > 0) { + if (unsigned_add_overflows(time, minutes * 60)) + die("Timestamp+tz too large: %"PRItime" +%04d", + time, tz); + } else if (time < -minutes * 60) + die("Timestamp before Unix epoch: %"PRItime" %04d", time, tz); + time += minutes * 60; + if (date_overflows(time)) + die("Timestamp too large for this system: %"PRItime, time); + return (time_t)time; } /* @@ -70,7 +80,10 @@ static int local_tzoffset(timestamp_t time) struct tm tm; int offset, eastwest; - t = time; + if (date_overflows(time)) + die("Timestamp too large for this system: %"PRItime, time); + + t = (time_t)time; localtime_r(&t, &tm); t_local = tm_to_time_t(&tm); -- 2.12.2.windows.2.406.gd14a8f8640f