time: Fix Windows' SystemTime::checked_sub

The Windows implementation of `SystemTime::checked_sub` contains a bug,
namely that it does not return `None` on values below 1601.

This bug stems from the fact that internally, the time gets converted to
an i64, with zero representing the anchor in 1601.  Of course,
performing checked subtraction on a signed integer generally works fine.
However, the resulting value delivers undefined behavior on Windows
systems.

To mitigate this issue, we try to convert the resulting i64 to an u64
because a negative value should obviously fail there.

Author: cvengler

library/std/src/sys/pal/windows/time.rs

@@ -111,8 +111,13 @@ impl SystemTime {
     }
 
     pub fn checked_sub_duration(&self, other: &Duration) -> Option<SystemTime> {
-        let intervals = self.intervals().checked_sub(checked_dur2intervals(other)?)?;
-        Some(SystemTime::from_intervals(intervals))
+        // Windows does not support times before 1601, hence why we don't
+        // support negatives. In order to tackle this, we try to convert the
+        // resulting value into an u64, which should obviously fail in the case
+        // that the value is below zero.
+        let intervals: u64 =
+            self.intervals().checked_sub(checked_dur2intervals(other)?)?.try_into()?;
+        Some(SystemTime::from_intervals(intervals as i64))
     }
 }