Fix Integer-overflow in base::Time::FromExploded.

base/time/time_posix.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/time/time.h"
 
 #include <stdint.h>
 #include <sys/time.h>
 #include <time.h>
 #if defined(OS_ANDROID) && !defined(__LP64__)
@@ skipping 224 matching lines @@
   timestruct.tm_mon    = exploded.month - 1;
   timestruct.tm_year   = exploded.year - 1900;
   timestruct.tm_wday   = exploded.day_of_week;  // mktime/timegm ignore this
   timestruct.tm_yday   = 0;     // mktime/timegm ignore this
   timestruct.tm_isdst  = -1;    // attempt to figure it out
 #if !defined(OS_NACL) && !defined(OS_SOLARIS)
   timestruct.tm_gmtoff = 0;     // not a POSIX field, so mktime/timegm ignore
   timestruct.tm_zone   = NULL;  // not a POSIX field, so mktime/timegm ignore
 #endif
 
-  int64_t milliseconds;
   SysTime seconds;
 
   // Certain exploded dates do not really exist due to daylight saving times,
   // and this causes mktime() to return implementation-defined values when
   // tm_isdst is set to -1. On Android, the function will return -1, while the
   // C libraries of other platforms typically return a liberally-chosen value.
   // Handling this requires the special code below.
 
   // SysTimeFromTimeStruct() modifies the input structure, save current value.
   struct tm timestruct0 = timestruct;
@@ skipping 17 matching lines @@
     else if (seconds_isdst1 < 0)
       seconds = seconds_isdst0;
     else
       seconds = std::min(seconds_isdst0, seconds_isdst1);
   }
 
   // Handle overflow.  Clamping the range to what mktime and timegm might
   // return is the best that can be done here.  It's not ideal, but it's better
   // than failing here or ignoring the overflow case and treating each time
   // overflow as one second prior to the epoch.
+  int64_t milliseconds = 0;
   if (seconds == -1 &&
       (exploded.year < 1969 || exploded.year > 1970)) {
     // If exploded.year is 1969 or 1970, take -1 as correct, with the
     // time indicating 1 second prior to the epoch.  (1970 is allowed to handle
     // time zone and DST offsets.)  Otherwise, return the most future or past
     // time representable.  Assumes the time_t epoch is 1970-01-01 00:00:00 UTC.
     //
     // The minimum and maximum representible times that mktime and timegm could
     // return are used here instead of values outside that range to allow for
     // proper round-tripping between exploded and counter-type time
@@ skipping 12 matching lines @@
     const int64_t max_seconds = (sizeof(SysTime) < sizeof(int64_t))
                                     ? std::numeric_limits<SysTime>::max()
                                     : std::numeric_limits<int32_t>::max();
     if (exploded.year < 1969) {
       milliseconds = min_seconds * kMillisecondsPerSecond;
     } else {
       milliseconds = max_seconds * kMillisecondsPerSecond;
       milliseconds += (kMillisecondsPerSecond - 1);
     }
   } else {
-    milliseconds = seconds * kMillisecondsPerSecond + exploded.millisecond;
+    base::CheckedNumeric<int64_t> checked_millis = seconds;
+    checked_millis *= kMillisecondsPerSecond;
+    checked_millis += exploded.millisecond;
+    if (!checked_millis.IsValid()) {
+      *time = base::Time(0);
+      return false;
+    }
+    milliseconds = checked_millis.ValueOrDie();
   }
 
-  // Adjust from Unix (1970) to Windows (1601) epoch.
-  base::Time converted_time =
-      Time((milliseconds * kMicrosecondsPerMillisecond) +
-           kWindowsEpochDeltaMicroseconds);
+  // Adjust from Unix (1970) to Windows (1601) epoch avoiding overflows.
+  base::CheckedNumeric<int64_t> checked_microseconds_win_epoch = milliseconds;
+  checked_microseconds_win_epoch *= kMicrosecondsPerMillisecond;
+  checked_microseconds_win_epoch += kWindowsEpochDeltaMicroseconds;
+  if (!checked_microseconds_win_epoch.IsValid()) {
+    *time = base::Time(0);
+    return false;
+  }
+  base::Time converted_time(checked_microseconds_win_epoch.ValueOrDie());
 
   // If |exploded.day_of_month| is set to 31 on a 28-30 day month, it will
   // return the first day of the next month. Thus round-trip the time and
   // compare the initial |exploded| with |utc_to_exploded| time.
   base::Time::Exploded to_exploded;
   if (!is_local)
     converted_time.UTCExplode(&to_exploded);
   else
     converted_time.LocalExplode(&to_exploded);
 
@@ skipping 65 matching lines @@
     result.tv_usec = static_cast<suseconds_t>(Time::kMicrosecondsPerSecond) - 1;
     return result;
   }
   int64_t us = us_ - kTimeTToMicrosecondsOffset;
   result.tv_sec = us / Time::kMicrosecondsPerSecond;
   result.tv_usec = us % Time::kMicrosecondsPerSecond;
   return result;
 }
 
 }  // namespace base