diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2017-07-27 01:13:47 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2017-07-27 01:13:47 +0200 |
| commit | 02c7a2ccabf3b21f881faacf286b4308c4ace1bc (patch) | |
| tree | 9be9dc40820c0f45da224e17645d4e9e9bc91b87 | |
| parent | 60cf84f7f2e05a7d275616b28267d51fa184e793 (diff) | |
| download | gnurl-02c7a2ccabf3b21f881faacf286b4308c4ace1bc.tar.gz gnurl-02c7a2ccabf3b21f881faacf286b4308c4ace1bc.tar.bz2 gnurl-02c7a2ccabf3b21f881faacf286b4308c4ace1bc.zip | |
multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com
Closes #1675
Closes #1683
| -rw-r--r-- | lib/multi.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/multi.c b/lib/multi.c index 5753f58f7..217849c5a 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, if(nfds) { if(nfds > NUM_POLLS_ON_STACK) { + /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes + big, so at 2^29 sockets this value might wrap. When a process gets + the capability to actually handle over 500 million sockets this + calculation needs a integer overflow check. */ ufds = malloc(nfds * sizeof(struct pollfd)); if(!ufds) return CURLM_OUT_OF_MEMORY; |