Fix a potential time-wraparound issue in pinger.c.

A compiler warning drew my attention to the fact that 'next' in pinger_schedule() was an int, not the unsigned long it should have been. And looking at the code that handles it, it was also taking no care with integer wraparound when checking whether an existing scheduled ping should be moved forward. So now I do something a bit more robust, by remembering what time it _was_ when we set pinger->next, and checking if the new time value falls in the interval between those two times.
2025-07-02 03:52:49 -05:00 · 2016-04-01 13:27:03 +01:00
parent 46051027fb
commit b4202c917a
3 changed files with 17 additions and 3 deletions
--- a/pinger.c
+++ b/pinger.c
@ -8,7 +8,7 @@
 struct pinger_tag {
    int interval;
    int pending;
-    unsigned long next;
+    unsigned long when_set, next;
    Backend *back;
    void *backhandle;
 };
@ -28,7 +28,7 @@ static void pinger_timer(void *ctx, unsigned long now)

 static void pinger_schedule(Pinger pinger)
 {
-    int next;
+    unsigned long next;

    if (!pinger->interval) {
 	pinger->pending = FALSE;       /* cancel any pending ping */
@ -37,8 +37,10 @@ static void pinger_schedule(Pinger pinger)

    next = schedule_timer(pinger->interval * TICKSPERSEC,
 			  pinger_timer, pinger);
-    if (!pinger->pending || next < pinger->next) {
+    if (!pinger->pending ||
+        (next - pinger->when_set) < (pinger->next - pinger->when_set)) {
 	pinger->next = next;
+        pinger->when_set = timing_last_clock();
 	pinger->pending = TRUE;
    }
 }