author | Daniel Stenberg <daniel@haxx.se> | 2017-07-27 01:13:47 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-07-27 01:13:47 +0200 |
commit | 02c7a2ccabf3b21f881faacf286b4308c4ace1bc (patch) | |
tree | 9be9dc40820c0f45da224e17645d4e9e9bc91b87 | |
parent | 60cf84f7f2e05a7d275616b28267d51fa184e793 (diff) | |
download | curl-02c7a2ccabf3b21f881faacf286b4308c4ace1bc.tar.gz |
multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com
Closes #1675
Closes #1683
-rw-r--r-- | lib/multi.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/multi.c b/lib/multi.c index 5753f58f7..217849c5a 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, if(nfds) { if(nfds > NUM_POLLS_ON_STACK) { + /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes + big, so at 2^29 sockets this value might wrap. When a process gets + the capability to actually handle over 500 million sockets this + calculation needs a integer overflow check. */ ufds = malloc(nfds * sizeof(struct pollfd)); if(!ufds) return CURLM_OUT_OF_MEMORY; |
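Review bot: the comment added just before `ufds = malloc(nfds * sizeof(struct pollfd));` records the wrap risk but leaves the multiplication unchecked, so the overflow is documented rather than prevented. A guard placed directly ahead of the malloc, such as `if(nfds > SIZE_MAX / sizeof(struct pollfd)) return CURLM_OUT_OF_MEMORY;`, costs one comparison and reuses the error return already present in the hunk. The comment could also state that the wrap at 2^29 assumes a 32-bit size_t, since the product takes the type of the sizeof operand when that is wider than the 32-bit 'nfds'. Finally, "a integer overflow check" should read "an integer overflow check".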