multi: mention integer overflow risk if using > 500 million sockets

author Daniel Stenberg <daniel@haxx.se>

Wed, 26 Jul 2017 23:13:47 +0000 (01:13 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 26 Jul 2017 23:13:47 +0000 (01:13 +0200)
author Daniel Stenberg <daniel@haxx.se>
Wed, 26 Jul 2017 23:13:47 +0000 (01:13 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 26 Jul 2017 23:13:47 +0000 (01:13 +0200)
diff --git a/lib/multi.c b/lib/multi.c

index 5753f58f7461b1221afc49f6b2d9641ad1a26628..217849c5abe77fc152c05704c288b1a9fa9d1a9f 100644 (file)
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi,
  
    if(nfds) {
      if(nfds > NUM_POLLS_ON_STACK) {
+      /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes
+         big, so at 2^29 sockets this value might wrap. When a process gets
+         the capability to actually handle over 500 million sockets this
+         calculation needs a integer overflow check. */
        ufds = malloc(nfds * sizeof(struct pollfd));
        if(!ufds)
          return CURLM_OUT_OF_MEMORY;
author	Daniel Stenberg <daniel@haxx.se>
	Wed, 26 Jul 2017 23:13:47 +0000 (01:13 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 26 Jul 2017 23:13:47 +0000 (01:13 +0200)