Bluetooth: Mesh: Fix integer overflow

Fix potential integer overflow by casting one of operands to int64_t. Coverity-CID: 329961 Fixes #65356 Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
2023-11-17 11:14:48 +01:00 · 2023-11-17 11:14:48 +01:00 · 07848a4456
commit 07848a4456
parent 3bc17d1d18
1 changed files with 2 additions and 1 deletions
--- a/subsys/bluetooth/mesh/proxy_srv.c
+++ b/subsys/bluetooth/mesh/proxy_srv.c
@ -697,7 +697,8 @@ static void gatt_proxy_solicited(struct bt_mesh_subnet *sub)
 	int32_t remaining;

 	if (sub->priv_net_id_sent > 0) {
-		timeout = sub->priv_net_id_sent + MSEC_PER_SEC * bt_mesh_od_priv_proxy_get();
+		timeout = sub->priv_net_id_sent +
+			MSEC_PER_SEC * (int64_t) bt_mesh_od_priv_proxy_get();
 		remaining = MIN(timeout - now, INT32_MAX);
 	} else {
 		remaining = MSEC_PER_SEC * bt_mesh_od_priv_proxy_get();