Commit 02c7a2cc authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

multi: mention integer overflow risk if using > 500 million sockets 



Reported-by: default avatar <ovidiu-benea@users.noreply.github.com>

Closes #1675
Closes #1683
parent 60cf84f7

lib/multi.c

+4 −0
Original line number Original line Diff line number Diff line
@@ -1022,6 +1022,10 @@ CURLMcode curl_multi_wait(struct Curl_multi *multi, 




  if(nfds) {

  if(nfds) {

    if(nfds > NUM_POLLS_ON_STACK) {

    if(nfds > NUM_POLLS_ON_STACK) {

      /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes

         big, so at 2^29 sockets this value might wrap. When a process gets

         the capability to actually handle over 500 million sockets this

         calculation needs a integer overflow check. */

      ufds = malloc(nfds * sizeof(struct pollfd));

      ufds = malloc(nfds * sizeof(struct pollfd));

      if(!ufds)

      if(!ufds)

        return CURLM_OUT_OF_MEMORY;

        return CURLM_OUT_OF_MEMORY;