From b96282010e4b8bf373c1fb631a5e305442af634a Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 24 Jun 2019 23:30:31 +0200 Subject: [PATCH] http: clarify header buffer size calculation The header buffer size calculation can from static analysis seem to overlow as it performs an addition between two size_t variables and stores the result in a size_t variable. Overflow is however guarded against elsewhere since the input to the addition is regulated by the maximum read buffer size. Clarify this with a comment since the question was asked. Reviewed-by: Daniel Stenberg --- lib/http.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/http.c b/lib/http.c index d01e1bfdb..14d1e89eb 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3147,6 +3147,9 @@ static CURLcode header_append(struct Curl_easy *data, struct SingleRequest *k, size_t length) { + /* length is at most the size of a full read buffer, for which the upper + bound is CURL_MAX_READ_SIZE. There is thus no chance of overflow in this + calculation. */ size_t newsize = k->hbuflen + length; if(newsize > CURL_MAX_HTTP_HEADER) { /* The reason to have a max limit for this is to avoid the risk of a bad