Address potential integer overflow in time calculations

[stephen]

Coverity has reported two issues (CID 1202661 and 1202662) in src/lib/util/time_utilities.cc:

157uint64_t
158timeFromText64(const string& time_txt) {
159    // Confirm the source only consists digits.  sscanf() allows some
160    // minor exceptions.
161    for (string::size_type i = 0; i < time_txt.length(); ++i) {
162        if (!isdigit(time_txt.at(i))) {
163            isc_throw(InvalidTime, "Couldn't convert non-numeric time value: "
164                      << time_txt);
165        }
166    }
167
168    int year, month, day, hour, minute, second;
169    if (time_txt.length() != DATE_LEN ||
170        sscanf(time_txt.c_str(), "%4d%2d%2d%2d%2d%2d",
171               &year, &month, &day, &hour, &minute, &second) != 6)
172    {
173        isc_throw(InvalidTime, "Couldn't convert time value: " << time_txt);
174    }
175
176    checkRange(1970, 9999, year, "year");
177    checkRange(1, 12, month, "month");
178    checkRange(1, days[month - 1] + ((month == 2 && isLeap(year)) ? 1 : 0),
179            day, "day");
180    checkRange(0, 23, hour, "hour");
181    checkRange(0, 59, minute, "minute");
182    checkRange(0, 60, second, "second"); // 60 == leap second.
183
   
CID 1202661: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) [select issue]
   
CID 1202662 (#1 of 1): Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)overflow_before_widen: Potentially overflowing expression 3600 * hour with type int (32 bits, signed) is evaluated using 32-bit arithmetic before being used in a context which expects an expression of type uint64_t (64 bits, unsigned). To avoid overflow, cast either operand to uint64_t before performing the multiplication.
184    uint64_t timeval = second + (60 * minute) + (3600 * hour) +
185        ((day - 1) * 86400);

[stephen]

Per Kea planning meeting in October, move out of 1.0.

[tomek]

Milestone renamed