date: avoid overflow in approxidate relative-time multiplication

approxidate_alpha() multiplies a time unit length (e.g., 604800
for weeks) by a user-supplied number to compute a time offset in
seconds. Both operands are int, and the product is passed to
update_tm() as time_t. For inputs like "99999 weeks ago", the
int multiplication overflows (604800 * 99999 = ~60 billion,
far beyond INT_MAX), producing a wrapped value that results in
a wrong date.

Widen the operands to time_t before multiplying and use
mult_overflows() to detect when even the wider product would
overflow. On overflow, clamp to the maximum value of time_t
(using is_unsigned_type to select the appropriate maximum).
The clamped value causes update_tm to produce a date at the
epoch boundary, which is a reasonable degraded behavior for
an absurdly large relative offset.

Pointed out by Coverity.

Assisted-by: Claude Opus 4.6
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Author: dscho

date.c

@@ -1272,7 +1272,13 @@ static const char *approxidate_alpha(const char *date, struct tm *tm, struct tm
 	while (tl->type) {
 		size_t len = strlen(tl->type);
 		if (match_string(date, tl->type) >= len-1) {
-			update_tm(tm, now, tl->length * *num);
+			time_t length = tl->length, num_t = *num;
+			time_t max_val = is_unsigned_type(length)
+				? maximum_unsigned_value_of_type(length)
+				: maximum_signed_value_of_type(length);
+			time_t seconds = mult_overflows(length, num_t)
+				? max_val : length * num_t;
+			update_tm(tm, now, seconds);
 			*num = 0;
 			*touched = 1;
 			return end;