1 files changed, 32 insertions, 0 deletions

diff --git a/user/rrdtool/signedness.patch b/user/rrdtool/signedness.patch
new file mode 100644
index 000000000..ad3451d9f
--- /dev/null
+++ b/user/rrdtool/signedness.patch
@@ -0,0 +1,32 @@
+From b74a0d64e00770384d025e40becdb2ed83c04c0c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Wolfgang=20St=C3=B6ggl?= <c72578@yahoo.de>
+Date: Fri, 1 Apr 2022 19:14:49 +0200
+Subject: [PATCH] Fix unsigned integer overflow in rrdtool first
+
+This fixes a signed/unsigned conversion bug in the calculation of
+"then". Background info:
+pdp_cnt and pdp_step are both unsigned long, whereas timer is signed.
+When multiplying signed and unsigned integers (same size), a signed is
+implicitly typecast to unsigned.
+
+- A similar fix has already been applied to rrd_dump.c
+  in commit e193975
+- Resolves #1140
+---
+ src/rrd_first.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rrd_first.c b/src/rrd_first.c
+index 0e93397c3..a696c5c38 100644
+--- a/src/rrd_first.c
++++ b/src/rrd_first.c
+@@ -113,7 +113,8 @@ time_t rrd_first_r(
+     then = (rrd.live_head->last_up -
+             rrd.live_head->last_up %
+             (rrd.rra_def[rraindex].pdp_cnt * rrd.stat_head->pdp_step)) +
+-        (timer * rrd.rra_def[rraindex].pdp_cnt * rrd.stat_head->pdp_step);
++        (timer * (long) rrd.rra_def[rraindex].pdp_cnt *
++         (long) rrd.stat_head->pdp_step);
+   err_close:
+     rrd_close(rrd_file);
+   err_free: