From 02c7a2ccabf3b21f881faacf286b4308c4ace1bc Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 27 Jul 2017 01:13:47 +0200
Subject: multi: mention integer overflow risk if using > 500 million sockets

Reported-by: ovidiu-benea@users.noreply.github.com

Closes #1675
Closes #1683
---
 lib/multi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/multi.c b/lib/multi.c
index 5753f58f7..217849c5a 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
 
   if(nfds) {
     if(nfds > NUM_POLLS_ON_STACK) {
+      /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes
+         big, so at 2^29 sockets this value might wrap. When a process gets
+         the capability to actually handle over 500 million sockets this
+         calculation needs a integer overflow check. */
       ufds = malloc(nfds * sizeof(struct pollfd));
       if(!ufds)
         return CURLM_OUT_OF_MEMORY;
-- 
cgit v1.2.3