mirror of
https://github.com/moparisthebest/curl
synced 2024-10-31 15:45:12 -04:00
file_range: avoid integer overflow when figuring out byte range
When trying to bump the value with one and the value is already at max, it causes an integer overflow. Closes #1908 Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465 Assisted-by: Max Dymond
This commit is contained in:
parent
b6a90bca33
commit
afbdc96638
@ -165,6 +165,9 @@ static CURLcode file_range(struct connectdata *conn)
|
|||||||
else {
|
else {
|
||||||
/* X-Y */
|
/* X-Y */
|
||||||
totalsize = to-from;
|
totalsize = to-from;
|
||||||
|
if(totalsize == CURL_OFF_T_MAX)
|
||||||
|
/* this is too big to increase, so bail out */
|
||||||
|
return CURLE_RANGE_ERROR;
|
||||||
data->req.maxdownload = totalsize + 1; /* include last byte */
|
data->req.maxdownload = totalsize + 1; /* include last byte */
|
||||||
data->state.resume_from = from;
|
data->state.resume_from = from;
|
||||||
DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T
|
DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T
|
||||||
|
Loading…
Reference in New Issue
Block a user