[Mutt] #3018: integer overflow in curs_lib.c if time_inc is used
When building Mutt with -ftrapv in CFLAGS and running it with a muttrc
file containing:
{{{
set time_inc=250
}}}
Mutt aborts at this line:
{{{
if (TimeInc)
  progress->timestamp = tv.tv_sec * 1000 + tv.tv_usec / 1000;
}}}
In gdb, {{{print tv.tv_sec}}} outputs 1200664610. My original time_inc
patch didn't have such a problem since I didn't use timeval, but I think
the bug can easily be fixed by adding casts to {{{unsigned int}}} since
only relative timestamps matter (see attached patch). The
{{{
if (update && progress->timestamp && !gettimeofday (&tv, NULL)) {
}}}
can be wrong as {{{progress->timestamp}}} can be 0 due to the wrapping,
but I don't think this is a real problem in practice.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3018>
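
The arithmetic behind this report, as an added example that is not part of the ticket, the attached patch or Mutt's source. It shows why the reported `tv.tv_sec` value overflows a signed 32-bit computation, that stamps built with unsigned casts still give correct relative times, and a second count for which the wrapped stamp is exactly 0. The function names are hypothetical, and a 32-bit width for both the signed type and `unsigned int` is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* 1 if sec * 1000 + usec / 1000 leaves the range of a signed 32-bit type
 * (assumed width of the type the ticket's expression is evaluated in). */
int signed32_overflows(int64_t sec, int64_t usec)
{
    int64_t prod = sec * 1000;
    int64_t sum = prod + usec / 1000;
    return prod > INT32_MAX || prod < INT32_MIN ||
           sum > INT32_MAX || sum < INT32_MIN;
}

/* Millisecond stamp with both terms cast to unsigned first: unsigned
 * arithmetic wraps modulo 2^32 and never traps under -ftrapv. */
uint32_t wrap_ms(int64_t sec, int64_t usec)
{
    return (uint32_t)((uint32_t)sec * 1000u + (uint32_t)usec / 1000u);
}

/* Elapsed ms between two wrapped stamps; exact while the real gap < 2^32 ms. */
uint32_t elapsed_ms(uint32_t earlier, uint32_t later)
{
    return later - earlier;
}

int main(void)
{
    int64_t sec = 1200664610;            /* tv.tv_sec value from the ticket */
    uint32_t t0 = wrap_ms(sec, 0);
    uint32_t t1 = wrap_ms(sec, 250000);  /* constructed: 250 ms later */

    printf("signed 32-bit overflow: %d\n", signed32_overflows(sec, 0));
    printf("wrapped stamp: %u, elapsed: %u ms\n",
           (unsigned)t0, (unsigned)elapsed_ms(t0, t1));
    /* Constructed edge case: 3 * 2^29 seconds wraps to exactly 0, which a
     * "timestamp != 0" test would read as "no timestamp set". */
    printf("stamp at 1610612736 s: %u\n", (unsigned)wrap_ms(1610612736, 0));
    return 0;
}
```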