Bluetooth: Mesh: Fix integer overflow

Fix potential integer overflow by casting one of operands to int64_t.

Coverity-CID: 329961
Fixes #65356

Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
This commit is contained in:
Pavel Vasilyev 2023-11-17 11:14:48 +01:00 committed by Carles Cufí
commit 07848a4456

View file

@ -697,7 +697,8 @@ static void gatt_proxy_solicited(struct bt_mesh_subnet *sub)
int32_t remaining;
if (sub->priv_net_id_sent > 0) {
timeout = sub->priv_net_id_sent + MSEC_PER_SEC * bt_mesh_od_priv_proxy_get();
timeout = sub->priv_net_id_sent +
MSEC_PER_SEC * (int64_t) bt_mesh_od_priv_proxy_get();
remaining = MIN(timeout - now, INT32_MAX);
} else {
remaining = MSEC_PER_SEC * bt_mesh_od_priv_proxy_get();