You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Name Version Build Channel
libcurl 7.78.0 h2574ce0_0 conda-forge
operating system
Linux 031b5845863a 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Problem
xmlrpc-c uses curl_multi_fdset() unconditionally (whether or not HAVE_FINE_POLL is set while building curl). #7241 disabled checking the file descriptor values against FD_SETSIZE when HAVE_FINE_POLL is defined. I guess this is fine for curl itself, because it probably doesn't call curl_multi_fdset() when using poll() instead of select(), but calling curl_multi_fdset() in an application with more than FD_SETSIZE file descriptors, might now result in memory corruption.
If this behavior is intended (i.e. curl_multi_fdset() is not safe to be called when HAVE_FINE_POLL is defined), this should at the very least be documented. Specifically this sentence from the curl_multi_fdset() man page is not correct anymore:
If one of the sockets used by libcurl happens to be larger than what can be set
in an fd_set, which on POSIX systems means that the file descriptor is larger
than FD_SETSIZE, then libcurl will try to not set it.
The text was updated successfully, but these errors were encountered:
Indeed, the macro that is supposed to check for this isn't doing the right thing if libcurl is built to use poll(), even though poll is not used in this function...
The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
built to use select(), even though the curl_multi_fdset() function
always and unconditionally uses FD_SET and needs the check.
Reported-by: 0xee on github
Fixes#7718
I did this
Used curl v7.78.0 with xmlrpc-c (which calls curl_multi_fdset()) in an application with more than 1023 open file descriptors.
I expected the following
No crash (but got memory corruption)
curl/libcurl version
Obtained curl from conda-forge:
operating system
Problem
xmlrpc-c uses curl_multi_fdset() unconditionally (whether or not HAVE_FINE_POLL is set while building curl). #7241 disabled checking the file descriptor values against FD_SETSIZE when HAVE_FINE_POLL is defined. I guess this is fine for curl itself, because it probably doesn't call curl_multi_fdset() when using poll() instead of select(), but calling curl_multi_fdset() in an application with more than FD_SETSIZE file descriptors, might now result in memory corruption.
If this behavior is intended (i.e. curl_multi_fdset() is not safe to be called when HAVE_FINE_POLL is defined), this should at the very least be documented. Specifically this sentence from the curl_multi_fdset() man page is not correct anymore:
The text was updated successfully, but these errors were encountered: