Bug 244302 - POSIX implementation of ThreadCondition::timedWait() degenerates to wait() beyond 2038
Summary: POSIX implementation of ThreadCondition::timedWait() degenerates to wait() be...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-08-24 12:57 PDT by Olivier Crête
Modified: 2022-08-27 01:34 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Crête 2022-08-24 12:57:50 PDT 
The POSIX timedWait() implementation is based on getting the current wait clock time, converting it to a double, then converting it back into a timespec. It assumes that the timespec.tv_sec" field is a int, so it checks if the value if ">INT_MAX" and then waits forever. If one sets the system clock beyond 2038, then it will block forever. I hit this bug inside WebCore::ThreadedScrollingTree::waitForRenderingUpdateCompletionOrTimeout() which gets call when receiving a mouse wheel event, but I'm sure one can hit it from other places too.

Luckily for us, the timespec.tv_sec is not an int, but it's a time_t, which, since POSIX 2001 (and C11), has been defined as a 64 bit int. So we can just use the right checks and then it works!

Proposed fix is: https://github.com/WebKit/WebKit/pull/3621
Comment 1 Olivier Crête 2022-08-24 13:02:58 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/3621
Comment 2 EWS 2022-08-27 01:33:10 PDT 
Committed 253858@main (f63657fbf8c1): <https://commits.webkit.org/253858@main>

Reviewed commits have been landed. Closing PR #3621 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2022-08-27 01:34:16 PDT 
<rdar://problem/99221433>