Commit 6df5f35e authored by Daniel Gustafsson's avatar Daniel Gustafsson
Browse files

tool_cb_prg: Fix integer overflow in progress bar 



Commit 61faa0b4 fixed the progress bar
width calculation to avoid integer overflow, but failed to account for
the fact that initial_size is initialized to -1 when the file size is
retrieved from the remote on an upload, causing another signed integer
overflow.  Fix by separately checking for this case before the width
calculation.

Closes #3984
Reported-by: Brian Carpenter (Geeknik Labs)
Reviewed-by: default avatarDaniel Stenberg <daniel@haxx.se>
parent deb9462f

src/tool_cb_prg.c

+9 −4
Original line number Diff line number Diff line
@@ -125,14 +125,19 @@ int tool_progress_cb(void *clientp, 
  curl_off_t total;

  curl_off_t point;



  /* expected transfer size */

  if((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal))

  /* Calculate expected transfer size. initial_size can be less than zero

     when indicating that we are expecting to get the filesize from the

     remote */

  if(bar->initial_size < 0 ||

     ((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal)))

    total = CURL_OFF_T_MAX;

  else

    total = dltotal + ultotal + bar->initial_size;



  /* we've come this far */

  if((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow))

  /* Calculate the current progress. initial_size can be less than zero when

     indicating that we are expecting to get the filesize from the remote */

  if(bar->initial_size < 0 ||

     ((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow)))

    point = CURL_OFF_T_MAX;

  else

    point = dlnow + ulnow + bar->initial_size;