
curl-library

Re: Patrick: Diff for /curl/lib/url.c between version 1.656 and 1.657

From: Yang Tse <yangsita_at_gmail.com>
Date: Wed, 17 Oct 2007 23:54:06 +0200

2007/10/17, Patrick Monnerat wrote:

>
> > If postfieldsize is zero also return CURLE_OUT_OF_MEMORY.
>
> I think it shouldn't: For example, you can use a POST with no data
> because the server does not allow you to issue method GET.
> Moreover this can be achieved with postfieldsize == -1 and a
> null-terminated string, or using the CURLOPT_POSTFIELDS, so I do not
> think it should be rejected here.
>
> In addition, the overflow test is mainly to protect passing a wrong
> number to malloc(). A malloc(0) call is generally successful, but if not
> (this case is libc-dependent), this is of no matter to delay the error
> detection to after the malloc() call.
>

The fact is that a zero size malloc gets into undefined behaviour, and
that by now there shouldn't remain any zero size malloc in libcurl nor
in c-ares. Some time ago there was an effort to get rid of all zero
size mallocs.

Maybe another zero size malloc has crept into the library over
time. If you find it, please report it.

Since you know exactly what the behaviour of option
CURLOPT_COPYPOSTFIELDS should be, even with a zero postfieldsize, and
its implications, couldn't you change the logic to avoid the zero size
malloc?

Thanks

-- 
-=[Yang]=-
Received on 2007-10-18
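
The two requirements discussed in this mail (accept a zero-length POST body, yet never call malloc() with a zero size) can both be met by always allocating one extra byte. The following is an added example, not part of the original mail and not libcurl's code; `copy_postfields`, its result codes and its parameters are hypothetical names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes for this example, not libcurl's. */
enum copy_result { COPY_OK, COPY_OUT_OF_MEMORY, COPY_BAD_ARGUMENT };

/* Hypothetical helper: duplicate a POST body into *out.
 * size == -1 means data is a null-terminated string. A zero-length body
 * is accepted, and the allocation is len + 1 bytes, so malloc(0) is
 * never called. */
static enum copy_result copy_postfields(const char *data, long long size,
                                        char **out, size_t *outlen)
{
  size_t len;
  char *buf;
  *out = NULL;
  *outlen = 0;
  if(size < -1 || (!data && size > 0))
    return COPY_BAD_ARGUMENT;
  if(size == -1)
    len = data ? strlen(data) : 0;
  else {
    /* Overflow test: size must fit in size_t and leave room for + 1. */
    if((unsigned long long)size >= (unsigned long long)SIZE_MAX)
      return COPY_OUT_OF_MEMORY;
    len = (size_t)size;
  }
  buf = malloc(len + 1);          /* len + 1 >= 1 */
  if(!buf)
    return COPY_OUT_OF_MEMORY;
  if(len)
    memcpy(buf, data, len);       /* not reached with a NULL pointer */
  buf[len] = '\0';
  *out = buf;
  *outlen = len;
  return COPY_OK;
}

int main(void)
{
  char *body;
  size_t n;
  enum copy_result rc = copy_postfields(NULL, 0, &body, &n); /* constructed input */
  printf("rc=%d len=%zu ptr=%s\n", (int)rc, n, body ? "non-NULL" : "NULL");
  free(body);
  return 0;
}
```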