Changelog
+Yang Tse (14 Nov 2007)
+- Fix a variable potential wrapping in add_buffer() when using absolutely
+ huge send buffer sizes.
+
Daniel S (13 Nov 2007)
- Fixed a remaining problem with doing SFTP directory listings on a re-used
persistent connection. Mentioned by Immanuel Gregoire on the mailing list.
o curl.h version 7.17.1 problem when building C++ apps with MSVC
o SFTP and SCP use persistent connections
o segfault on bad URL
+ o variable wrapping when using absolutely huge send buffer sizes
This release includes the following known bugs:
char *new_rb;
size_t new_size;
+ if(~size < in->size_used) {
+ /* If resulting used size of send buffer would wrap size_t, cleanup
+ the whole buffer and return error. Otherwise the required buffer
+ size will fit into a single allocatable memory chunk */
+ Curl_safefree(in->buffer);
+ free(in);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
if(!in->buffer ||
((in->size_used + size) > (in->size_max - 1))) {
- new_size = (in->size_used+size)*2;
+
+ /* If current buffer size isn't enough to hold the result, use a
+ buffer size that doubles the required size. If this new size
+ would wrap size_t, then just use the largest possible one */
+
+ if((size > (size_t)-1/2) || (in->size_used > (size_t)-1/2) ||
+ (~(size*2) < (in->size_used*2)))
+ new_size = (size_t)-1;
+ else
+ new_size = (in->size_used+size)*2;
+
if(in->buffer)
/* we have a buffer, enlarge the existing one */
new_rb = (char *)realloc(in->buffer, new_size);
projects / thirdparty / curl.git / commitdiff
