@@ -800,6 +800,16 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
timeout->time.sec++;
timeout->time.usec -= 1000000;
}
+ if (timeout->time.sec < now_sec) {
+ /*
+ * Integer overflow - assume long enough timeout to be assumed
+ * to be infinite, i.e., the timeout would never happen.
+ */
+ wpa_printf(MSG_DEBUG, "ELOOP: Too long timeout (secs=%u usecs=%u) to "
+ "ever happen - ignore it", secs,usecs);
+ os_free(timeout);
+ return 0;
+ }
timeout->eloop_data = eloop_data;
timeout->user_data = user_data;
timeout->handler = handler;
In the process of processing usec, sec is increased and may overflow. Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com> --- src/utils/eloop.c | 10 ++++++++++ 1 file changed, 10 insertions(+)