From e72fe16146dd33cb218bf8c16b069f68f331fdf8 Mon Sep 17 00:00:00 2001
From: Laurent Tu <laurentt@google.com>
Date: Thu, 4 Oct 2012 13:40:08 -0700
Subject: Prevent  overflow in LocationRequest.setExpireIn()

Prevent overflow in LocationRequest.setExpireIn(), for example,
when we pass in Long.MAX_VALUE.

Bug: 7047435
Change-Id: Ie56928a59fb387173fbd3887c0ef9aede00f8152
---
 location/java/android/location/LocationRequest.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'location/java/android')

diff --git a/location/java/android/location/LocationRequest.java b/location/java/android/location/LocationRequest.java
index f4f7b09f0864..cb291eadf5b8 100644
--- a/location/java/android/location/LocationRequest.java
+++ b/location/java/android/location/LocationRequest.java
@@ -369,7 +369,15 @@ public final class LocationRequest implements Parcelable {
      * @return the same object, so that setters can be chained
      */
     public LocationRequest setExpireIn(long millis) {
-        mExpireAt = millis + SystemClock.elapsedRealtime();
+        long elapsedRealtime = SystemClock.elapsedRealtime();
+
+        // Check for > Long.MAX_VALUE overflow (elapsedRealtime > 0):
+        if (millis > Long.MAX_VALUE - elapsedRealtime) {
+          mExpireAt = Long.MAX_VALUE;
+        } else {
+          mExpireAt = millis + elapsedRealtime;
+        }
+
         if (mExpireAt < 0) mExpireAt = 0;
         return this;
     }
-- 
cgit v1.2.3-59-g8ed1b