summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2017-07-27 01:13:47 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-07-27 01:13:47 +0200
commit02c7a2ccabf3b21f881faacf286b4308c4ace1bc (patch)
tree9be9dc40820c0f45da224e17645d4e9e9bc91b87
parent60cf84f7f2e05a7d275616b28267d51fa184e793 (diff)
downloadcurl-02c7a2ccabf3b21f881faacf286b4308c4ace1bc.tar.gz
multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com Closes #1675 Closes #1683
-rw-r--r--lib/multi.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/multi.c b/lib/multi.c
index 5753f58f7..217849c5a 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
if(nfds) {
if(nfds > NUM_POLLS_ON_STACK) {
+ /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes
+ big, so at 2^29 sockets this value might wrap. When a process gets
+ the capability to actually handle over 500 million sockets this
+ calculation needs a integer overflow check. */
ufds = malloc(nfds * sizeof(struct pollfd));
if(!ufds)
return CURLM_OUT_OF_MEMORY;