Fix some potential integer overflows for expiration time #7338
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FREEBIE In a number of locations in the code, there were conversions of message expiration times from seconds to milliseconds, and then assigned to `long` contexts. However these conversions were being done as integer multiplication rather than long multiplication, meaning that there was a potential for overflows. Specifically, the maximum value that could be represented before overflowing was (2^31 / 1000 / 60 / 60 / 24) days = 24.8 days (< 1 month). Luckily the current allowed timeouts are all less than that value, but this fix would remove the artificial restriction, effectively allowing values of 1000x greater (68 years), at least for android. Related: signalapp#5775
s0
force-pushed
the
multiplication-cast
branch
from
f954e69
to
c26cb28
Compare
ghost
mentioned this pull request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contributor checklist
Fixes #1234syntaxDescription
In a number of locations in the code, there were conversions of message
expiration times from seconds to milliseconds, and then assigned to
longcontexts. However these conversions were being done as integer multiplication
rather than long multiplication, meaning that there was a potential for
overflows.
Specifically, the maximum value that could be represented before overflowing
was
(2^31 / 1000 / 60 / 60 / 24)days =24.8days (< 1 month). Luckily thecurrent allowed timeouts are all less than that value, but this fix would
remove the artificial restriction, effectively allowing values of 1000x greater
(68 years), at least for android.
Related: #5775
Full Disclosure: I initially found these problems on lgtm.com, which is a product that I work on. There are a bunch more alerts / findings that it is probably a good idea to look at.