Hi team,
Static analysis flagged a potential integer overflow in libvncserver/main.c (lines 1270, 1372) in version 0.9.14:
    if(usec < 0)
        usec = screen->deferUpdateTime * 1000;
Here deferUpdateTime is int, usec is long.
Theoretically, overflow occurs when deferUpdateTime >= 2,147,484 ms (since int overflow happens before the result is assigned to long).
Based on the documentation and typical usage, deferUpdateTime stores milliseconds, and normally takes values like 20–40 ms (deferred screen update interval). However, I'd like to understand:
What is the maximum practical value that deferUpdateTime can actually have in real-world usage? Are there any legitimate scenarios where it could reach, say, minutes or hours (e.g., special configurations, slow links, or edge cases)?
This will help determine whether the static analysis warning is a false positive or something that genuinely needs fixing (e.g., by casting to long before multiplication: usec = screen->deferUpdateTime * 1000L).
Thanks!
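
The threshold and the widening fix discussed in this post, as an added example that is not part of the original post and not LibVNCServer code. The helper names are hypothetical, the sample values are constructed, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Smallest non-negative millisecond value whose product with 1000
 * no longer fits in int (2147484 when int is 32 bits). */
static int first_overflowing_ms(void)
{
    return INT_MAX / 1000 + 1;
}

/* Returns 1 if ms * 1000 would overflow when evaluated in int, as in the
 * flagged expression. The check uses division, so no signed overflow
 * (undefined behaviour in C) is ever executed. */
static int int_multiply_overflows(int ms)
{
    return ms > INT_MAX / 1000 || ms < INT_MIN / 1000;
}

/* Widen before multiplying. int64_t is used rather than long because long
 * is 32 bits on LLP64 targets (64-bit Windows), where a multiplication
 * carried out in long could still overflow. */
static int64_t defer_ms_to_usec(int ms)
{
    return (int64_t)ms * 1000;
}

int main(void)
{
    /* Constructed sample values: typical intervals, one minute, and the
     * values on either side of the overflow boundary. */
    const int samples[] = { 20, 40, 60000, 2147483, 2147484, INT_MAX };

    printf("first overflowing value: %d ms\n", first_overflowing_ms());
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ms = samples[i];
        printf("%10d ms  int math overflows: %-3s  widened: %lld usec\n",
               ms, int_multiply_overflows(ms) ? "yes" : "no",
               (long long)defer_ms_to_usec(ms));
    }
    return 0;
}
```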