packages/curl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
curl/tool_cb_prg-avoid-integer-overflow.patch
overweight 46341a033c Package init
2019-09-30 10:36:29 -04:00

64 lines
2.0 KiB
Diff
Raw Blame History

From 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 11 Jan 2019 00:25:46 +0100
Subject: [PATCH 437/557] tool_cb_prg: avoid integer overflow
When calculating the progress bar width.
Reported-by: Peng Li
Fixes #3456
Closes #3458
---
src/tool_cb_prg.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index 15ff5b2..0539e98 100644
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -106,6 +106,13 @@ static void fly(struct ProgressData *bar, bool moved)
#define MAX_BARLENGTH 256
+#if (SIZEOF_CURL_OFF_T == 4)
+# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
+#else
+ /* assume CURL_SIZEOF_CURL_OFF_T == 8 */
+# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
+#endif
+
int tool_progress_cb(void *clientp,
curl_off_t dltotal, curl_off_t dlnow,
curl_off_t ultotal, curl_off_t ulnow)
@@ -119,10 +126,16 @@ int tool_progress_cb(void *clientp,
curl_off_t point;
/* expected transfer size */
- total = dltotal + ultotal + bar->initial_size;
+ if((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal))
+ total = CURL_OFF_T_MAX;
+ else
+ total = dltotal + ultotal + bar->initial_size;
/* we've come this far */
- point = dlnow + ulnow + bar->initial_size;
+ if((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow))
+ point = CURL_OFF_T_MAX;
+ else
+ point = dlnow + ulnow + bar->initial_size;
if(bar->calls) {
/* after first call... */
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink