hw/serial.c: Avoid integer multiply overflow in token generation calculation

If calls to serial_get_token are too far apart then delta.tv_sec may
be too large to multiply by 1E9.  So we clamp delta to 2s.
(cherry picked from commit d2807803a5ba22003155ed50802f7c4e92c8ddd7)

diff --git a/hw/serial.c b/hw/serial.c
index 8e161dda6bfaee1d3357ffd5cd31a171c8527375..dc8efad1f6ac95a7cd310345b0a3ae66b97659ca 100644 (file)
--- a/hw/serial.c
+++ b/hw/serial.c
@@ -311,6 +311,11 @@ static void serial_get_token(void)
                ;
            goto retry;
        }
+        if (delta.tv_sec >= 2) {
+            /* avoid arithmetic overflow if it has been ages */
+            delta.tv_sec = 2;
+            delta.tv_nsec = 0;
+        }
        generated = (delta.tv_sec * 1000000000) / TOKEN_PERIOD;
        generated +=
            ((delta.tv_sec * 1000000000) % TOKEN_PERIOD + delta.tv_nsec) / TOKEN_PERIOD;