mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com Closes #1675 Closes #1683
This commit is contained in:
parent
60cf84f7f2
commit
02c7a2ccab
@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
|
||||
|
||||
if(nfds) {
|
||||
if(nfds > NUM_POLLS_ON_STACK) {
|
||||
/* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes
|
||||
big, so at 2^29 sockets this value might wrap. When a process gets
|
||||
the capability to actually handle over 500 million sockets this
|
||||
calculation needs a integer overflow check. */
|
||||
ufds = malloc(nfds * sizeof(struct pollfd));
|
||||
if(!ufds)
|
||||
return CURLM_OUT_OF_MEMORY;
|
||||
|
Loading…
Reference in New Issue
Block a user