library: sub_timespec use arithmetic to avoid overflow

eval-exec · eval-exec · commit d2bc288efce8 · 2025-09-09T10:59:47.000+08:00
Signed-off-by: Eval EXEC &lt;execvy@gmail.com&gt;
diff --git a/library/std/src/sys/pal/hermit/time.rs b/library/std/src/sys/pal/hermit/time.rs
@@ -28,20 +28,20 @@ impl Timespec {
     #[rustc_const_unstable(feature = "const_system_time", issue = "144517")]
     const fn sub_timespec(&self, other: &Timespec) -> Result<Duration, Duration> {
         // FIXME: const PartialOrd
-        let mut cmp = self.t.tv_sec - other.t.tv_sec;
+        let mut cmp = self.t.tv_sec.saturating_sub(other.t.tv_sec);
         if cmp == 0 {
             cmp = self.t.tv_nsec as i64 - other.t.tv_nsec as i64;
         }
 
         if cmp >= 0 {
             Ok(if self.t.tv_nsec >= other.t.tv_nsec {
                 Duration::new(
-                    (self.t.tv_sec - other.t.tv_sec) as u64,
+                    self.t.tv_sec.wrapping_sub(other.t.tv_sec) as u64,
                     (self.t.tv_nsec - other.t.tv_nsec) as u32,
                 )
             } else {
                 Duration::new(
-                    (self.t.tv_sec - 1 - other.t.tv_sec) as u64,
+                    self.t.tv_sec.wrapping_sub(other.t.tv_sec) as u64 - 1_u64,
                     (self.t.tv_nsec + NSEC_PER_SEC - other.t.tv_nsec) as u32,
                 )
             })
diff --git a/library/std/src/sys/pal/uefi/time.rs b/library/std/src/sys/pal/uefi/time.rs
@@ -95,7 +95,7 @@ impl SystemTime {
 
         // Check if can be represented in UEFI
         // FIXME: const PartialOrd
-        let mut cmp = temp.as_secs() - MAX_UEFI_TIME.0.as_secs();
+        let mut cmp = temp.as_secs().saturating_sub(MAX_UEFI_TIME.0.as_secs());
         if cmp == 0 {
             cmp = temp.subsec_nanos() as u64 - MAX_UEFI_TIME.0.subsec_nanos() as u64;
         }
diff --git a/library/std/src/sys/pal/unix/time.rs b/library/std/src/sys/pal/unix/time.rs
@@ -139,7 +139,7 @@ impl Timespec {
     #[rustc_const_unstable(feature = "const_system_time", issue = "144517")]
     pub const fn sub_timespec(&self, other: &Timespec) -> Result<Duration, Duration> {
         // FIXME: const PartialOrd
-        let mut cmp = self.tv_sec - other.tv_sec;
+        let mut cmp = self.tv_sec.saturating_sub(other.tv_sec);
         if cmp == 0 {
             cmp = self.tv_nsec.as_inner() as i64 - other.tv_nsec.as_inner() as i64;
         }
@@ -160,12 +160,12 @@ impl Timespec {
             // directly expresses the lower-cost behavior we want from it.
             let (secs, nsec) = if self.tv_nsec.as_inner() >= other.tv_nsec.as_inner() {
                 (
-                    (self.tv_sec - other.tv_sec) as u64,
+                    self.tv_sec.wrapping_sub(other.tv_sec) as u64,
                     self.tv_nsec.as_inner() - other.tv_nsec.as_inner(),
                 )
             } else {
                 (
-                    (self.tv_sec - other.tv_sec - 1) as u64,
+                    self.tv_sec.wrapping_sub(other.tv_sec) as u64 - 1_u64,
                     self.tv_nsec.as_inner() + (NSEC_PER_SEC as u32) - other.tv_nsec.as_inner(),
                 )
             };

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ impl SystemTime {`
`95`	`95`
`96`	`96`	`// Check if can be represented in UEFI`
`97`	`97`	`// FIXME: const PartialOrd`
`98`		`- let mut cmp = temp.as_secs() - MAX_UEFI_TIME.0.as_secs();`
	`98`	`+ let mut cmp = temp.as_secs().saturating_sub(MAX_UEFI_TIME.0.as_secs());`
`99`	`99`	`if cmp == 0 {`
`100`	`100`	`cmp = temp.subsec_nanos() as u64 - MAX_UEFI_TIME.0.subsec_nanos() as u64;`
`101`	`101`	`}`
Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,7 @@ impl Timespec {`
`139`	`139`	`#[rustc_const_unstable(feature = "const_system_time", issue = "144517")]`
`140`	`140`	`pub const fn sub_timespec(&self, other: &Timespec) -> Result<Duration, Duration> {`
`141`	`141`	`// FIXME: const PartialOrd`
`142`		`- let mut cmp = self.tv_sec - other.tv_sec;`
	`142`	`+ let mut cmp = self.tv_sec.saturating_sub(other.tv_sec);`
`143`	`143`	`if cmp == 0 {`
`144`	`144`	`cmp = self.tv_nsec.as_inner() as i64 - other.tv_nsec.as_inner() as i64;`
`145`	`145`	`}`
`@@ -160,12 +160,12 @@ impl Timespec {`
`160`	`160`	`// directly expresses the lower-cost behavior we want from it.`
`161`	`161`	`let (secs, nsec) = if self.tv_nsec.as_inner() >= other.tv_nsec.as_inner() {`
`162`	`162`	`(`
`163`		`- (self.tv_sec - other.tv_sec) as u64,`
	`163`	`+ self.tv_sec.wrapping_sub(other.tv_sec) as u64,`
`164`	`164`	`self.tv_nsec.as_inner() - other.tv_nsec.as_inner(),`
`165`	`165`	`)`
`166`	`166`	`} else {`
`167`	`167`	`(`
`168`		`- (self.tv_sec - other.tv_sec - 1) as u64,`
	`168`	`+ self.tv_sec.wrapping_sub(other.tv_sec) as u64 - 1_u64,`
`169`	`169`	`self.tv_nsec.as_inner() + (NSEC_PER_SEC as u32) - other.tv_nsec.as_inner(),`
`170`	`170`	`)`
`171`	`171`	`};`