[Webkit-unassigned] [Bug 244302] New: POSIX implementation of ThreadCondition::timedWait() degenerates to wait() beyond 2038

Wed Aug 24 12:57:50 PDT 2022

https://bugs.webkit.org/show_bug.cgi?id=244302

            Bug ID: 244302
           Summary: POSIX implementation of ThreadCondition::timedWait()
                    degenerates to wait() beyond 2038
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: olivier.crete at collabora.com

The POSIX timedWait() implementation is based on getting the current wait clock time, converting it to a double, then converting it back into a timespec. It assumes that the timespec.tv_sec" field is a int, so it checks if the value if ">INT_MAX" and then waits forever. If one sets the system clock beyond 2038, then it will block forever. I hit this bug inside WebCore::ThreadedScrollingTree::waitForRenderingUpdateCompletionOrTimeout() which gets call when receiving a mouse wheel event, but I'm sure one can hit it from other places too.

Luckily for us, the timespec.tv_sec is not an int, but it's a time_t, which, since POSIX 2001 (and C11), has been defined as a 64 bit int. So we can just use the right checks and then it works!

Proposed fix is: https://github.com/WebKit/WebKit/pull/3621

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220824/4b063bbb/attachment.htm>