From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 30 Nov 2025 22:35:25 +0000 (+0100)
Subject: imap: make sure Curl_pgrsSetDownloadSize() does not overflow
X-Git-Tag: rc-8_18_0-1~72
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41931f1659f485ba60cfb4da0b4479bfb0fd8a8e;p=thirdparty%2Fcurl.git

imap: make sure Curl_pgrsSetDownloadSize() does not overflow

Follow-up to c1e3a760b. The previous update missed an addition that also
can wrap and cause confusion. Fixing this by calling
Curl_pgrsSetDownloadSize() after the overflow check.

Reported-by: Deniz Parlak
Closes #19774
---

diff --git a/lib/imap.c b/lib/imap.c
index d093e46d33..9d58bec4ec 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -1214,8 +1214,6 @@ static CURLcode imap_state_listsearch_resp(struct Curl_easy *data,
 
         /* This is a literal response, setup to receive the body data */
         infof(data, "Found %" FMT_OFF_T " bytes to download", size);
-        /* Progress size includes both header line and literal body */
-        Curl_pgrsSetDownloadSize(data, size + len);
 
         /* First write the header line */
         result = Curl_client_write(data, CLIENTWRITE_BODY, line, len);
@@ -1268,6 +1266,9 @@ static CURLcode imap_state_listsearch_resp(struct Curl_easy *data,
         else
           size += len;
 
+        /* Progress size includes both header line and literal body */
+        Curl_pgrsSetDownloadSize(data, size);
+
         if(data->req.bytecount == size)
           /* All data already transferred (header + literal body) */
           Curl_xfer_setup_nop(data);