gui/SOURCES/xscreensaver-5.44-0102-ya_rand_init-avoid-signed-integer-overflow-by-with-r.patch

From 561ba41a83a8c9f4e66eb27f87e6b37e89858dcb Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Wed, 15 Apr 2020 23:15:40 +0900
Subject: [PATCH] ya_rand_init: avoid signed integer overflow by with recent
 pid_max value

 Recent Linux system (like Fedora) has kernel.pid_max value as 2^22
 (= 4194304), instead of old 65536 (=2^16) value. A quick reference is:
 https://unix.stackexchange.com/questions/231719/why-is-the-maximum-pid-in-a-64-bit-linux-system-222/231724

 With this value, on ya_rand_init(), multiplying the value returned by
 getpid() by 1003 (which is larger than 2^9) can get larger than 2^31,
 which causes signed overflow like:

 ../../utils/yarandom.c:123:21: runtime error: signed integer overflow: 3774303 * 1003 cannot be represented in type 'int'

as detected by gcc10 -sanitize=undefined.

This patch avoids signed overflow by casting values with unsigned int.
---
 utils/yarandom.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/yarandom.c b/utils/yarandom.c
index f450735..0f51cb6 100644
--- a/utils/yarandom.c
+++ b/utils/yarandom.c
@@ -118,9 +118,9 @@ ya_rand_init(unsigned int seed)
 #define ROT(X,N) (((X)<<(N)) | ((X)>>((sizeof(unsigned int)*8)-(N))))
       seed = (999U * (unsigned int) tp.tv_sec);
       seed = ROT (seed, 11);
-      seed += (1001 * tp.tv_usec);
+      seed += (1001 * (unsigned int) tp.tv_usec);
       seed = ROT (seed, 7);
-      seed += (1003 * getpid());
+      seed += (1003 * (unsigned int) getpid());
       seed = ROT (seed, 13);
     }
 
-- 
2.25.2