Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
An integer overflow found in src/tool_cb_prg.c #3456
Peng Li at Baidu X-Lab found an integer overflow in the function tool_progress_cb of src/tool_cb_prg.c, the error message is "tool_cb_prg.c:122:29: runtime error: signed integer overflow: 828 + 9223372036854775807 cannot be represented in type 'long'". Since the overflowed variable total is used in the consequent conditionals, I think it is a critical bug.
You could compile curl with undefined behavior sanitizer activated and apply "curl-ubsan -q -K id_005898" to reproduce the bug, the OS is ubuntu 16.04.2 LTS, curl's version is curl 7.61.1 (x86_64-pc-linux-gnu) libcurl/7.61.1. If you need any assistance, please let me know.
int tool_progress_cb(void clientp,
struct timeval now = tvnow();
/* expected transfer size */