apr icon indicating copy to clipboard operation
apr copied to clipboard
verified publisher icon apache

Fix timeout integer overflow

Open aale24 opened this issue 11 months ago • 1 comments

Fix integer overflow in apr_wait_for_io_or_timeout by performing the microseconds to milliseconds conversion before assigning to 32-bit timeout.

The timeout overflow occurs in APR's waitio.c when converting microseconds to milliseconds for poll(), where any timeout above 28 minutes and 25 seconds fails because the 32-bit integer overflows.

The proposed fix handles the conversion before assigning to the 32-bit integer, allowing timeouts up to 24.85 days to work correctly. Since poll() itself uses a 32-bit timeout parameter and practical timeouts rarely exceed days (max around 25 days), this fix handles all real-world use cases.

I reported this bug in https://bz.apache.org/bugzilla/show_bug.cgi?id=69542

aale24 avatar Feb 01 '25 22:02 aale24

Committed to trunk as 52bb09e9f52ec2b3a385c78b6a1b96d45b5015b2 / r1929188.

rpluem avatar Oct 17 '25 08:10 rpluem