From f45d127ada4fd0f3d64788c13d5f3e0b27ba7062 Mon Sep 17 00:00:00 2001
From: naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 16 Jun 2011 19:46:08 +0000
Subject: * time.c (rb_time_new): prevent overflow by "* 1000".

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32135 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 time.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'time.c')

diff --git a/time.c b/time.c
index d2c5ecc163..20eea4728f 100644
--- a/time.c
+++ b/time.c
@@ -2299,7 +2299,27 @@ time_new_timew(VALUE klass, wideval_t timew)
 VALUE
 rb_time_new(time_t sec, long usec)
 {
-    return time_new_timew(rb_cTime, nsec2timew(sec, usec * 1000));
+    wideval_t timew;
+
+    if (usec >= 1000000) {
+	long sec2 = usec / 1000000;
+	if (sec > TIMET_MAX - sec2) {
+	    rb_raise(rb_eRangeError, "out of Time range");
+	}
+	usec -= sec2 * 1000000;
+	sec += sec2;
+    }
+    else if (usec <= 1000000) {
+	long sec2 = usec / 1000000;
+	if (sec < -TIMET_MAX - sec2) {
+	    rb_raise(rb_eRangeError, "out of Time range");
+	}
+	usec -= sec2 * 1000000;
+	sec += sec2;
+    }
+
+    timew = nsec2timew(sec, usec * 1000);
+    return time_new_timew(rb_cTime, timew);
 }
 
 VALUE
-- 
cgit v1.2.3