From 5cb559e5366c48bfa5b9519cd6fab79202e1ec50 Mon Sep 17 00:00:00 2001
From: Howard Hinnant
Date: Tue, 9 Mar 2021 16:48:49 -0500
Subject: [PATCH] Clarify the safety of NetClock::time_point arithmetic:

* NetClock::rep is uint32_t and can be error-prone when used with subtraction.
* Fixes #3656

---
 src/ripple/app/tx/impl/CreateOffer.cpp | 2 +-
 src/ripple/consensus/Validations.h | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ripple/app/tx/impl/CreateOffer.cpp b/src/ripple/app/tx/impl/CreateOffer.cpp
index e952ac963ee..830223563e3 100644
--- a/src/ripple/app/tx/impl/CreateOffer.cpp
+++ b/src/ripple/app/tx/impl/CreateOffer.cpp
@@ -638,7 +638,7 @@ CreateOffer::takerCross(
     Sandbox& sbCancel,
     Amounts const& takerAmount)
 {
-    NetClock::time_point const when{ctx_.view().parentCloseTime()};
+    NetClock::time_point const when = ctx_.view().parentCloseTime();
 
     beast::WrappedSink takerSink(j_, "Taker ");
 
diff --git a/src/ripple/consensus/Validations.h b/src/ripple/consensus/Validations.h
index d4df679bf92..ca7a9c48203 100644
--- a/src/ripple/consensus/Validations.h
+++ b/src/ripple/consensus/Validations.h
@@ -151,7 +151,9 @@ isCurrent(
     // Because this can be called on untrusted, possibly
     // malicious validations, we do our math in a way
     // that avoids any chance of overflowing or underflowing
-    // the signing time.
+    // the signing time. All of the expressions below are
+    // promoted from unsigned 32 bit to signed 64 bit prior
+    // to computation.
     return (signTime > (now - p.validationCURRENT_EARLY)) &&
         (signTime < (now + p.validationCURRENT_WALL)) &&
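Review bot: The switch from `when{...}` to `when = ...` in CreateOffer::takerCross is not explained at the line, and the reason is the security-relevant part: copy-initialization rejects explicit constructors, so this line now only compiles if parentCloseTime() already yields a NetClock::time_point, whereas the braced form would also accept a bare duration or rep through time_point's explicit constructor. Since the commit message is about the uint32_t rep being easy to misuse, a one-line comment would stop the next edit from reverting it: `// Copy-init (not {}) so this only compiles if parentCloseTime() already returns a NetClock::time_point; braces would accept a raw duration via the explicit ctor.` I cannot see parentCloseTime()'s return type from this hunk, so that claim should be confirmed against the view interface. takerCross's body continues past the hunk, and the second hunk (Validations.h, isCurrent) is cut off before its last context line, so it is not reviewed here.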