From df62119b7f11dbd97715668a6311410f67bea3c9 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Sat, 22 Aug 2020 13:23:23 +0200 Subject: [PATCH] Prevent signed overflow in get_time_seed Casting time(2) return value to int and multiplying the result with such a constant will definitely lead to a signed overflow by this day. Since signed overflows are undefined behaviour in C, avoid this. Casting to unsigned is more than enough since the upper bits of a 64 bit time_t value will be removed with the int conversion anyway. --- random_seed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/random_seed.c b/random_seed.c index c428da9..b4c0afd 100644 --- a/random_seed.c +++ b/random_seed.c @@ -305,7 +305,7 @@ static int get_time_seed(void) { DEBUG_SEED("get_time_seed"); - return (int)time(NULL) * 433494437; + return (unsigned)time(NULL) * 433494437; } /* json_c_get_random_seed */ -- 2.49.0