From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 1 Oct 2008 12:54:16 +0000 (+0100)
Subject: hw/serial.c: Avoid integer multiply overflow in token generation calculation
X-Git-Tag: xen-3.3.2-rc1~7
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=d235682c3e897db55899e1c89d988a17d0f5e463;p=qemu-xen-3.3-testing.git

hw/serial.c: Avoid integer multiply overflow in token generation calculation

If calls to serial_get_token are too far apart then delta.tv_sec may
be too large to multiply by 1E9.  So we clamp delta to 2s.
(cherry picked from commit d2807803a5ba22003155ed50802f7c4e92c8ddd7)
---

diff --git a/hw/serial.c b/hw/serial.c
index 8e161dda..dc8efad1 100644
--- a/hw/serial.c
+++ b/hw/serial.c
@@ -311,6 +311,11 @@ static void serial_get_token(void)
 		;
 	    goto retry;
 	}
+        if (delta.tv_sec >= 2) {
+            /* avoid arithmetic overflow if it has been ages */
+            delta.tv_sec = 2;
+            delta.tv_nsec = 0;
+        }
 	generated = (delta.tv_sec * 1000000000) / TOKEN_PERIOD;
 	generated +=
 	    ((delta.tv_sec * 1000000000) % TOKEN_PERIOD + delta.tv_nsec) / TOKEN_PERIOD;