From b74a0d64e00770384d025e40becdb2ed83c04c0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wolfgang=20St=C3=B6ggl?= Date: Fri, 1 Apr 2022 19:14:49 +0200 Subject: [PATCH] Fix unsigned integer overflow in rrdtool first This fixes a signed/unsigned conversion bug in the calculation of "then". Background info: pdp_cnt and pdp_step are both unsigned long, whereas timer is signed. When multiplying signed and unsigned integers (same size), a signed is implicitly typecast to unsigned. - A similar fix has already been applied to rrd_dump.c in commit e193975 - Resolves #1140 --- src/rrd_first.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/rrd_first.c b/src/rrd_first.c index 0e93397c3..a696c5c38 100644 --- a/src/rrd_first.c +++ b/src/rrd_first.c @@ -113,7 +113,8 @@ time_t rrd_first_r( then = (rrd.live_head->last_up - rrd.live_head->last_up % (rrd.rra_def[rraindex].pdp_cnt * rrd.stat_head->pdp_step)) + - (timer * rrd.rra_def[rraindex].pdp_cnt * rrd.stat_head->pdp_step); + (timer * (long) rrd.rra_def[rraindex].pdp_cnt * + (long) rrd.stat_head->pdp_step); err_close: rrd_close(rrd_file); err_free: