Re: [PATCH 07/12] rtc: rzn1: fix alarm range check truncation on 32-bit systems

Next message: Florian Fainelli: "Re: [PATCH net-next 2/3] net: bcmgenet: remove dead priority queue plumbing"
Previous message: Philipp Zabel: "Re: [PATCH v1 1/9] dt-bindings: reset: altr: add COMBOPHY_RESET for Agilex5"
In reply to: Alexandre Belloni: "Re: [PATCH 07/12] rtc: rzn1: fix alarm range check truncation on 32-bit systems"
Next in thread: Alexandre Belloni: "Re: [PATCH 07/12] rtc: rzn1: fix alarm range check truncation on 32-bit systems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lad, Prabhakar

Date: Thu Jun 18 2026 - 06:52:26 EST

Hi Alexandre,

On Wed, Jun 17, 2026 at 5:55 PM Alexandre Belloni
<alexandre.belloni@xxxxxxxxxxx> wrote:
>
> On 15/06/2026 16:48:00+0100, Prabhakar wrote:
> > From: Lad Prabhakar <prabhakar.mahadev-lad.rj@xxxxxxxxxxxxxx>
> >
> > alarm and farest were declared as unsigned long, but
> > rtc_tm_to_time64() returns time64_t (s64). On 32-bit systems where
> > unsigned long is 32 bits, the assignment silently truncates the upper
> > 32 bits of the timestamp.
> >
> > Fix by declaring alarm and farest as time64_t and replacing
> > time_after() with a direct signed comparison, which is correct for
> > time64_t values that will never realistically overflow.
> >
>
> I'd argue that this is never going to overflow ever as unsigned long
> gets you to 2106 which is way past the usable range of the RTC so there
> is a trade off between the size you are going to take on the stack and
> the actual usefulness of the fix.
>
While it's true that unsigned long lasts until 2106 (well past this
RTC's practical lifetime), rtc_tm_to_time64() explicitly returns
time64_t. Using unsigned long causes silent truncation and types
mismatch with the API, which modern static analyzers flag. Given that
this function is not deeply nested, the 8-byte stack trade-off seems
worth it for type cleanliness and consistency. What do you think?

Cheers,
Prabhakar