gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 156/208: multi: mention integer overflow risk if us


From: gnunet
Subject: [GNUnet-SVN] [gnurl] 156/208: multi: mention integer overflow risk if using > 500 million sockets
Date: Wed, 09 Aug 2017 17:35:53 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.55.0
in repository gnurl.

commit 02c7a2ccabf3b21f881faacf286b4308c4ace1bc
Author: Daniel Stenberg <address@hidden>
AuthorDate: Thu Jul 27 01:13:47 2017 +0200

    multi: mention integer overflow risk if using > 500 million sockets
    
    Reported-by: address@hidden
    
    Closes #1675
    Closes #1683
---
 lib/multi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/multi.c b/lib/multi.c
index 5753f58f7..217849c5a 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
 
   if(nfds) {
     if(nfds > NUM_POLLS_ON_STACK) {
+      /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes
+         big, so at 2^29 sockets this value might wrap. When a process gets
+         the capability to actually handle over 500 million sockets this
+         calculation needs a integer overflow check. */
       ufds = malloc(nfds * sizeof(struct pollfd));
       if(!ufds)
         return CURLM_OUT_OF_MEMORY;

-- 
To stop receiving notification emails like this one, please contact
address@hidden



reply via email to

[Prev in Thread] Current Thread [Next in Thread]