An integer overflow found in src/tool_cb_prg.c #3456
Labels
Comments
Why? What else does this cause than making the progress bar not appear the way it should? |
bagder
added a commit
that referenced
this issue
Jan 10, 2019
When calculating the progress bar width. Reported-by: Peng Li Fixes #3456
|
Thank you bagder for your prompt fix! |
|
Hi There I confirmed that this fix resolves the problem, thank you for fixing them! Best, |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
lipeng28 commentedJan 10, 2019
Hi There
Peng Li at Baidu X-Lab found an integer overflow in the function tool_progress_cb of src/tool_cb_prg.c, the error message is "tool_cb_prg.c:122:29: runtime error: signed integer overflow: 828 + 9223372036854775807 cannot be represented in type 'long'". Since the overflowed variable total is used in the consequent conditionals, I think it is a critical bug.
You could compile curl with undefined behavior sanitizer activated and apply "curl-ubsan -q -K id_005898" to reproduce the bug, the OS is ubuntu 16.04.2 LTS, curl's version is curl 7.61.1 (x86_64-pc-linux-gnu) libcurl/7.61.1. If you need any assistance, please let me know.
Thanks
Peng
int tool_progress_cb(void clientp,
curl_off_t dltotal, curl_off_t dlnow,
curl_off_t ultotal, curl_off_t ulnow)
{
/ The original progress-bar source code was written for curl by Lars Aas,
and this new edition inherits some of his concepts. */
struct timeval now = tvnow();
struct ProgressData *bar = (struct ProgressData *)clientp;
curl_off_t total;
curl_off_t point;
/* expected transfer size */
total = dltotal + ultotal + bar->initial_size;
...
}
id_005898.txt
The text was updated successfully, but these errors were encountered: