1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

multi: mention integer overflow risk if using > 500 million sockets

Reported-by: ovidiu-benea@users.noreply.github.com

Closes #1675
Closes #1683
This commit is contained in:
Daniel Stenberg 2017-07-27 01:13:47 +02:00
parent 60cf84f7f2
commit 02c7a2ccab

View File

@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
if(nfds) {
if(nfds > NUM_POLLS_ON_STACK) {
/* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes
big, so at 2^29 sockets this value might wrap. When a process gets
the capability to actually handle over 500 million sockets this
calculation needs a integer overflow check. */
ufds = malloc(nfds * sizeof(struct pollfd));
if(!ufds)
return CURLM_OUT_OF_MEMORY;