Loading CHANGES +4 −0 Original line number Original line Diff line number Diff line Loading @@ -6,6 +6,10 @@ Changelog Changelog Yang Tse (14 Nov 2007) - Fix a variable potential wrapping in add_buffer() when using absolutely huge send buffer sizes. Daniel S (13 Nov 2007) Daniel S (13 Nov 2007) - Fixed a remaining problem with doing SFTP directory listings on a re-used - Fixed a remaining problem with doing SFTP directory listings on a re-used persistent connection. Mentioned by Immanuel Gregoire on the mailing list. persistent connection. Mentioned by Immanuel Gregoire on the mailing list. Loading RELEASE-NOTES +1 −0 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,7 @@ This release includes the following bugfixes: o curl.h version 7.17.1 problem when building C++ apps with MSVC o curl.h version 7.17.1 problem when building C++ apps with MSVC o SFTP and SCP use persistent connections o SFTP and SCP use persistent connections o segfault on bad URL o segfault on bad URL o variable wrapping when using absolutely huge send buffer sizes This release includes the following known bugs: This release includes the following known bugs: Loading lib/http.c +20 −1 Original line number Original line Diff line number Diff line Loading @@ -1083,9 +1083,28 @@ CURLcode add_buffer(send_buffer *in, const void *inptr, size_t size) char *new_rb; char *new_rb; size_t new_size; size_t new_size; if(~size < in->size_used) { /* If resulting used size of send buffer would wrap size_t, cleanup the whole buffer and return error. Otherwise the required buffer size will fit into a single allocatable memory chunk */ Curl_safefree(in->buffer); free(in); return CURLE_OUT_OF_MEMORY; } if(!in->buffer || if(!in->buffer || ((in->size_used + size) > (in->size_max - 1))) { ((in->size_used + size) > (in->size_max - 1))) { /* If current buffer size isn't enough to hold the result, use a buffer size that doubles the required size. If this new size would wrap size_t, then just use the largest possible one */ if((size > (size_t)-1/2) || (in->size_used > (size_t)-1/2) || (~(size*2) < (in->size_used*2))) new_size = (size_t)-1; else new_size = (in->size_used+size)*2; new_size = (in->size_used+size)*2; if(in->buffer) if(in->buffer) /* we have a buffer, enlarge the existing one */ /* we have a buffer, enlarge the existing one */ new_rb = (char *)realloc(in->buffer, new_size); new_rb = (char *)realloc(in->buffer, new_size); Loading Loading
CHANGES +4 −0 Original line number Original line Diff line number Diff line Loading @@ -6,6 +6,10 @@ Changelog Changelog Yang Tse (14 Nov 2007) - Fix a variable potential wrapping in add_buffer() when using absolutely huge send buffer sizes. Daniel S (13 Nov 2007) Daniel S (13 Nov 2007) - Fixed a remaining problem with doing SFTP directory listings on a re-used - Fixed a remaining problem with doing SFTP directory listings on a re-used persistent connection. Mentioned by Immanuel Gregoire on the mailing list. persistent connection. Mentioned by Immanuel Gregoire on the mailing list. Loading
RELEASE-NOTES +1 −0 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,7 @@ This release includes the following bugfixes: o curl.h version 7.17.1 problem when building C++ apps with MSVC o curl.h version 7.17.1 problem when building C++ apps with MSVC o SFTP and SCP use persistent connections o SFTP and SCP use persistent connections o segfault on bad URL o segfault on bad URL o variable wrapping when using absolutely huge send buffer sizes This release includes the following known bugs: This release includes the following known bugs: Loading
lib/http.c +20 −1 Original line number Original line Diff line number Diff line Loading @@ -1083,9 +1083,28 @@ CURLcode add_buffer(send_buffer *in, const void *inptr, size_t size) char *new_rb; char *new_rb; size_t new_size; size_t new_size; if(~size < in->size_used) { /* If resulting used size of send buffer would wrap size_t, cleanup the whole buffer and return error. Otherwise the required buffer size will fit into a single allocatable memory chunk */ Curl_safefree(in->buffer); free(in); return CURLE_OUT_OF_MEMORY; } if(!in->buffer || if(!in->buffer || ((in->size_used + size) > (in->size_max - 1))) { ((in->size_used + size) > (in->size_max - 1))) { /* If current buffer size isn't enough to hold the result, use a buffer size that doubles the required size. If this new size would wrap size_t, then just use the largest possible one */ if((size > (size_t)-1/2) || (in->size_used > (size_t)-1/2) || (~(size*2) < (in->size_used*2))) new_size = (size_t)-1; else new_size = (in->size_used+size)*2; new_size = (in->size_used+size)*2; if(in->buffer) if(in->buffer) /* we have a buffer, enlarge the existing one */ /* we have a buffer, enlarge the existing one */ new_rb = (char *)realloc(in->buffer, new_size); new_rb = (char *)realloc(in->buffer, new_size); Loading
