From d235682c3e897db55899e1c89d988a17d0f5e463 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Wed, 1 Oct 2008 13:54:16 +0100
Subject: [PATCH] hw/serial.c: Avoid integer multiply overflow in token
 generation calculation

If calls to serial_get_token are too far apart then delta.tv_sec may
be too large to multiply by 1E9.  So we clamp delta to 2s.
(cherry picked from commit d2807803a5ba22003155ed50802f7c4e92c8ddd7)
---
 hw/serial.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/serial.c b/hw/serial.c
index 8e161dda..dc8efad1 100644
--- a/hw/serial.c
+++ b/hw/serial.c
@@ -311,6 +311,11 @@ static void serial_get_token(void)
 		;
 	    goto retry;
 	}
+        if (delta.tv_sec >= 2) {
+            /* avoid arithmetic overflow if it has been ages */
+            delta.tv_sec = 2;
+            delta.tv_nsec = 0;
+        }
 	generated = (delta.tv_sec * 1000000000) / TOKEN_PERIOD;
 	generated +=
 	    ((delta.tv_sec * 1000000000) % TOKEN_PERIOD + delta.tv_nsec) / TOKEN_PERIOD;
-- 
2.39.5