From: x2018 <xkernel.wang@foxmail.com>
Date: Fri, 7 Nov 2025 16:43:51 +0000 (+0800)
Subject: rtmp: precaution for a potential integer truncation
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a6fcaf29588a50aa6c27a05994ebe3478f041fba;p=thirdparty%2Fcurl.git

rtmp: precaution for a potential integer truncation

On some platforms, socket descriptors may use types larger than int.
When these values exceed INT_MAX, conversion to int can truncate to
negative values causing RTMP connection failures, and even accidentally
affect other socket when high-value descriptors map to existing
lower-value sockets after integer conversion. This check ensures socket
values are within the safe range before passing them to the RTMP
library.

Closes #19399
---

diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
index 7006ca5eb9..779422c9ae 100644
--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
@@ -256,6 +256,11 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done)
   if(!r)
     return CURLE_FAILED_INIT;
 
+  if(conn->sock[FIRSTSOCKET] > INT_MAX) {
+    /* The socket value is invalid for rtmp. */
+    return CURLE_FAILED_INIT;
+  }
+
   r->m_sb.sb_socket = (int)conn->sock[FIRSTSOCKET];
 
   /* We have to know if it is a write before we send the