From d82aeb55ca3b6abe4cafa7b9c39777a5f67308e5 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <Alan.Coopersmith@sun.com>
Date: Sun, 9 Oct 2005 23:47:52 +0000
Subject: [PATCH] Bug #3254 <https://bugs.freedesktop.org/show_bug.cgi?id=3254>
 Make sure     screensaver & DPMS timeouts don't overflow when multiplied by  
   MILLI_PER_MIN. (Reported by Zachary J. Slater)

---
 hw/xfree86/common/xf86Config.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
index 5d424afff..75003741c 100644
--- a/hw/xfree86/common/xf86Config.c
+++ b/hw/xfree86/common/xf86Config.c
@@ -1006,25 +1006,40 @@ configServerFlags(XF86ConfFlagsPtr flagsconf, XF86OptionPtr layoutopts)
 	xf86Info.estimateSizesAggressively = i;
     else
 	xf86Info.estimateSizesAggressively = 0;
-	
+
+/* Make sure that timers don't overflow CARD32's after multiplying */
+#define MAX_TIME_IN_MIN (0x7fffffff / MILLI_PER_MIN)
+
     i = -1;
     xf86GetOptValInteger(FlagOptions, FLAG_SAVER_BLANKTIME, &i);
-    if (i >= 0)
+    if ((i >= 0) && (i < MAX_TIME_IN_MIN))
 	ScreenSaverTime = defaultScreenSaverTime = i * MILLI_PER_MIN;
+    else if (i != -1)
+	xf86ConfigError("BlankTime value %d outside legal range of 0 - %d minutes",
+			i, MAX_TIME_IN_MIN);
 
 #ifdef DPMSExtension
     i = -1;
     xf86GetOptValInteger(FlagOptions, FLAG_DPMS_STANDBYTIME, &i);
-    if (i >= 0)
+    if ((i >= 0) && (i < MAX_TIME_IN_MIN))
 	DPMSStandbyTime = defaultDPMSStandbyTime = i * MILLI_PER_MIN;
+    else if (i != -1)
+	xf86ConfigError("StandbyTime value %d outside legal range of 0 - %d minutes",
+			i, MAX_TIME_IN_MIN);
     i = -1;
     xf86GetOptValInteger(FlagOptions, FLAG_DPMS_SUSPENDTIME, &i);
-    if (i >= 0)
+    if ((i >= 0) && (i < MAX_TIME_IN_MIN))
 	DPMSSuspendTime = defaultDPMSSuspendTime = i * MILLI_PER_MIN;
+    else if (i != -1)
+	xf86ConfigError("SuspendTime value %d outside legal range of 0 - %d minutes",
+			i, MAX_TIME_IN_MIN);
     i = -1;
     xf86GetOptValInteger(FlagOptions, FLAG_DPMS_OFFTIME, &i);
-    if (i >= 0)
+    if ((i >= 0) && (i < MAX_TIME_IN_MIN))
 	DPMSOffTime = defaultDPMSOffTime = i * MILLI_PER_MIN;
+    else if (i != -1)
+	xf86ConfigError("OffTime value %d outside legal range of 0 - %d minutes",
+			i, MAX_TIME_IN_MIN);
 #endif
 
     i = -1;