-rw-r--r--lib/mime.c4
-rw-r--r--src/tool_setopt.c12
2 files changed, 10 insertions, 6 deletions
diff --git a/lib/mime.c b/lib/mime.c
index 759ade085..11d387d62 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -282,7 +282,7 @@ static size_t mime_mem_read(char *buffer, size_t size, size_t nitems,
void *instream)
{
struct Curl_mimepart *part = (struct Curl_mimepart *) instream;
- size_t sz = part->datasize - part->state.offset;
+ size_t sz = (size_t) part->datasize - part->state.offset;
(void) size; /* Always 1.*/
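Review bot: The `(size_t)` cast on `part->datasize` in mime_mem_read silences the conversion warning without showing that the value fits. mime_mem_seek compares `offset` (a `curl_off_t`) against `datasize`, so `datasize` is presumably a `curl_off_t` too, and on a build where `size_t` is narrower the cast would truncate silently and leave `sz` smaller than the real remaining length. The same concern applies to `part->state.offset = (size_t) offset;` in mime_mem_seek, whose range check is against `datasize` rather than the `size_t` maximum, and to `(ssize_t) part->datasize` at the c_escape call in src/tool_setopt.c. If in-memory parts always take their size from a `size_t`, record that next to the cast, e.g. `/* datasize of a memory part originates from a size_t, so this cannot truncate */`; otherwise add an explicit range check before narrowing. The body of mime_mem_read continues outside this hunk.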
@@ -312,7 +312,7 @@ static int mime_mem_seek(void *instream, curl_off_t offset, int whence)
if(offset < 0 || offset > part->datasize)
return CURL_SEEKFUNC_FAIL;
- part->state.offset = offset;
+ part->state.offset = (size_t) offset;
return CURL_SEEKFUNC_OK;
}
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 6cb6bb3e3..4e25e9e12 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -210,14 +210,18 @@ static const NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
/* Escape string to C string syntax. Return NULL if out of memory.
* Is this correct for those wacky EBCDIC guys? */
-static char *c_escape(const char *str, ssize_t len)
+static char *c_escape(const char *str, ssize_t plen)
{
const char *s;
unsigned char c;
char *escaped, *e;
+ size_t len = plen == -1? strlen(str): (size_t) plen;
+
+ /* Check for possible overflow. */
+ if(len > (~(size_t) 0) / 4)
+ return NULL;
+
/* Allocate space based on worst-case */
- if(len < 0)
- len = strlen(str);
escaped = malloc(4 * len + 1);
if(!escaped)
return NULL;
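Review bot: `plen == -1` narrows the sentinel compared with the removed `if(len < 0) len = strlen(str);`. Any other negative `plen` is now converted to a very large `size_t`, rejected by the overflow check, and returned as NULL, which the comment above the function documents as out of memory. If only -1 is meant to request strlen(), say so in that comment; otherwise keep the old contract with `size_t len = plen < 0 ? strlen(str) : (size_t) plen;`. The bound itself is sufficient for `4 * len + 1`, though `SIZE_MAX / 4` would read more clearly than `(~(size_t) 0) / 4` if `<stdint.h>` is usable in this file. The rest of c_escape lies outside the hunk.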
@@ -474,7 +478,7 @@ static CURLcode libcurl_generate_mime(curl_mime *mime, int *mimeno)
;
size = (cp == data + part->datasize)? (curl_off_t) -1: part->datasize;
Curl_safefree(escaped);
- escaped = c_escape(data, part->datasize);
+ escaped = c_escape(data, (ssize_t) part->datasize);
if(data != part->data)
Curl_safefree(data);
if(!escaped)