
curl-library

Re: Patrick: Diff for /curl/lib/url.c between version 1.656 and 1.657

From: Michal Marek <mmarek_at_suse.cz>
Date: Wed, 17 Oct 2007 03:33:46 +0200

Yang Tse wrote:
> Hi Patrick
>
> The attached patch addresses the size_t overflow you're performing
> with fewer compiler warnings. Is this patch OK for you?
>
> Besides that, could you double-check the logic in Curl_setopt "case
> CURLOPT_COPYPOSTFIELDS" when the result is CURLE_OUT_OF_MEMORY? I'm
> not completely sure it is OK.

Actually, why bother at all? There's no way for libcurl to check whether
the size is valid or not and this code just checks for a special case.
E.g. setting CURLOPT_POSTFIELDSIZE to 0xfffffff0 and passing a five-byte
buffer to CURLOPT_COPYPOSTFIELDS is going to crash as well. IMO there's
little value in such a check; libcurl is a C library and it has no
option but to trust the function arguments.

Michal
Received on 2007-10-17
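
The distinction discussed in this mail, as an added example that is not part of the original message or of libcurl's source: a size check that sees only the declared length can reject values that do not fit in a size_t, while bounding the length against the real buffer is only possible where the buffer's size is known, i.e. in the caller. The names `post_rc`, `lib_side_check` and `copy_post_data` are hypothetical, `int64_t` stands in for `curl_off_t`, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes for this sketch (not libcurl's CURLcode). */
enum post_rc { POST_OK = 0, POST_BAD_SIZE, POST_TOO_LONG, POST_NO_MEM };

/* Library-side view: only the declared size is visible, so the one check
   available is whether it fits in a size_t. int64_t stands in for
   curl_off_t; -1 means "measure with strlen()". */
enum post_rc lib_side_check(int64_t declared, size_t *out)
{
  if(declared < -1)
    return POST_BAD_SIZE;
  if(declared > 0 && (uint64_t)declared >= (uint64_t)SIZE_MAX)
    return POST_BAD_SIZE;        /* would wrap in the cast or in n + 1 */
  *out = (declared < 0) ? 0 : (size_t)declared;
  return POST_OK;
}

/* Caller-side view: the real buffer length is known here, so the declared
   size can be bounded against it before anything is copied. */
enum post_rc copy_post_data(const char *buf, size_t buf_len,
                            int64_t declared, char **copy,
                            size_t *copy_len)
{
  size_t n = 0;
  enum post_rc rc = lib_side_check(declared, &n);
  if(rc != POST_OK)
    return rc;
  if(declared < 0) {             /* strlen semantics: NUL must be inside */
    const char *nul = memchr(buf, '\0', buf_len);
    if(!nul)
      return POST_TOO_LONG;
    n = (size_t)(nul - buf);
  }
  else if(n > buf_len)
    return POST_TOO_LONG;        /* e.g. 0xfffffff0 declared for 5 bytes */
  *copy = malloc(n + 1);
  if(!*copy)
    return POST_NO_MEM;
  memcpy(*copy, buf, n);
  (*copy)[n] = '\0';
  *copy_len = n;
  return POST_OK;
}
```
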