From 0009e60a914ef5239ba2f8cc19e07ab5368e49b1 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 12 Jun 2011 20:35:47 +0100 Subject: [PATCH] integer arithmetic types: correct perhaps-possible negative timeout situation site_settimeout assumes that its timeout parameter is not before now. Following the logic of the code this would appear to be currently true, although I'm not absolutely certain. Nevertheless it would be better to avoid this assumption. Instead, use a signed variable for the time until the timeout, and explicitly turn negative values into zero. The use of an int64_t will not cause an arithmetic overflow provided that no timeouts are more than 2^64 milliseconds (around 580x10^6 yr) in the past or the future. Signed-off-by: Ian Jackson --- site.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/site.c b/site.c index 8ef8f5a..c2a2303 100644 --- a/site.c +++ b/site.c @@ -936,7 +936,8 @@ static inline void site_settimeout(uint64_t timeout, uint64_t *now, int *timeout_io) { if (timeout) { - uint64_t offset=timeout-*now; + int64_t offset=timeout-*now; + if (offset<0) offset=0; if (offset>INT_MAX) offset=INT_MAX; if (*timeout_io<0 || offset<*timeout_io) *timeout_io=offset; -- 2.30.2
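Review bot: the new line `int64_t offset=timeout-*now;` still performs the subtraction in uint64_t, so when `timeout` is earlier than `*now` the result wraps to a value above INT64_MAX and the conversion to int64_t of an out-of-range value is implementation-defined in C; the `if (offset<0) offset=0;` clamp therefore relies on two's-complement wraparound rather than on defined behaviour. Comparing before subtracting keeps everything unsigned and well-defined, e.g. `uint64_t offset = (timeout > *now) ? timeout - *now : 0;`, after which the existing `if (offset>INT_MAX) offset=INT_MAX;` check is unchanged. The commit message's 2^64 ms bound should also be 2^63 for a signed 64-bit difference, which is one more reason to prefer the unsigned comparison; either way the fix removes the case where a timeout already in the past would wrap to a huge offset, be clamped to INT_MAX, and stall the poll loop instead of firing immediately.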