Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Inifinite loop inside libcurl if time_t is defined to unsigned type. #2004
I did this
I updated from libcurl 7.52.1 to 7.56.0 and I found an infinite loop in libcurl, file multi.c, function curl_multi_perform when trying to download a file via libcurl's multi handle approach. The second while loop runs forever on certain systems.
I expected the following
The file should be downloaded.
Issue happens since libcurl version 7.55.0
QNX 6.5/6.6, maybe others
Detailed problem description
The loop happens on systems where time_t is defined to an unsigned type (e.g. QNX). Differences between unsigned types will never become negative and hence the elements in some time_node tree will not be removed if expired.
Since time_t is used at several places, and since I am not very familiar with libcurl source code, I feel unable to fix this myself or provide a patch.
I would suggest to change the time_t handling (again) to use the standard methods to calculate differences (difftime), or use a custom defined type e.g. "typedef long long cutl_time_t" inside cutltime and hide the actual use of the original time_t type.
Problematic lines are for example in multi.c:
We are experiencing the same issue on a platform where time_t is signed - first with a 7.53.0 build, in which the low-speed transfer timeouts were broken because of this, and 7.56.1, in which all transfers just hang. Your fix makes 7.56.1 work! Thank you very much for the impeccable timing :)
... to cater for systems with unsigned time_t variables. - Renamed the functions to curlx_timediff and Curl_timediff_us. - Added overflow protection for both of them in either direction for both 32 bit and 64 bit time_ts - Reprefixed the curlx_time functions to use Curl_* Reported-by: Peter Piekarski Fixes #2004