summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Gustafsson <daniel@yesql.se>2019-06-10 09:32:30 +0200
committerDaniel Gustafsson <daniel@yesql.se>2019-06-10 09:32:30 +0200
commit6df5f35e6ac5f0f1adf7e5c7bf4bd2ec87b9d4bb (patch)
treee91a94d32ce994618b4fe69241daf3ccd9ed964f
parentdeb9462ff2de8e955c67ed441f5f48619a31198d (diff)
downloadcurl-6df5f35e6ac5f0f1adf7e5c7bf4bd2ec87b9d4bb.tar.gz
tool_cb_prg: Fix integer overflow in progress bar
Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar width calculation to avoid integer overflow, but failed to account for the fact that initial_size is initialized to -1 when the file size is retrieved from the remote on an upload, causing another signed integer overflow. Fix by separately checking for this case before the width calculation. Closes #3984 Reported-by: Brian Carpenter (Geeknik Labs) Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-rw-r--r--src/tool_cb_prg.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index e2ee54225..05fe0e636 100644
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@@ -125,14 +125,19 @@ int tool_progress_cb(void *clientp,
curl_off_t total;
curl_off_t point;
- /* expected transfer size */
- if((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal))
+ /* Calculate expected transfer size. initial_size can be less than zero
+ when indicating that we are expecting to get the filesize from the
+ remote */
+ if(bar->initial_size < 0 ||
+ ((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal)))
total = CURL_OFF_T_MAX;
else
total = dltotal + ultotal + bar->initial_size;
- /* we've come this far */
- if((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow))
+ /* Calculate the current progress. initial_size can be less than zero when
+ indicating that we are expecting to get the filesize from the remote */
+ if(bar->initial_size < 0 ||
+ ((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow)))
point = CURL_OFF_T_MAX;
else
point = dlnow + ulnow + bar->initial_size;