Clarify the safety of NetClock::time_point arithmetic:

* NetClock::rep is uint32_t and can be error-prone when used with subtraction. * Fixes XRPLF#3656
HowardHinnant · Mar 9, 2021 · 5cb559e · 5cb559e
1 parent c0a0b79
commit 5cb559e
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/ripple/app/tx/impl/CreateOffer.cpp b/src/ripple/app/tx/impl/CreateOffer.cpp
@@ -638,7 +638,7 @@ CreateOffer::takerCross(
     Sandbox& sbCancel,
     Amounts const& takerAmount)
 {
-    NetClock::time_point const when{ctx_.view().parentCloseTime()};
+    NetClock::time_point const when = ctx_.view().parentCloseTime();
 
     beast::WrappedSink takerSink(j_, "Taker ");
 

diff --git a/src/ripple/consensus/Validations.h b/src/ripple/consensus/Validations.h
@@ -151,7 +151,9 @@ isCurrent(
     // Because this can be called on untrusted, possibly
     // malicious validations, we do our math in a way
     // that avoids any chance of overflowing or underflowing
-    // the signing time.
+    // the signing time.  All of the expressions below are
+    // promoted from unsigned 32 bit to signed 64 bit prior
+    // to computation.
 
     return (signTime > (now - p.validationCURRENT_EARLY)) &&
         (signTime < (now + p.validationCURRENT_WALL)) &&