I did this
Used curl v7.78.0 with xmlrpc-c (which calls curl_multi_fdset()) in an application with more than 1023 open file descriptors.
I expected the following
No crash (but got memory corruption)
Obtained curl from conda-forge:
xmlrpc-c uses curl_multi_fdset() unconditionally (whether or not HAVE_FINE_POLL is set while building curl). #7241 disabled checking the file descriptor values against FD_SETSIZE when HAVE_FINE_POLL is defined. I guess this is fine for curl itself, because it probably doesn't call curl_multi_fdset() when using poll() instead of select(), but calling curl_multi_fdset() in an application with more than FD_SETSIZE file descriptors, might now result in memory corruption.
If this behavior is intended (i.e. curl_multi_fdset() is not safe to be called when HAVE_FINE_POLL is defined), this should at the very least be documented. Specifically this sentence from the curl_multi_fdset() man page is not correct anymore:
The text was updated successfully, but these errors were encountered:
The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was built to use select(), even though the curl_multi_fdset() function always and unconditionally uses FD_SET and needs the check. Reported-by: 0xee on github Fixes #7718