# Name Version Build Channel
libcurl 7.78.0 h2574ce0_0 conda-forge
Linux 031b5845863a 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
xmlrpc-c uses curl_multi_fdset() unconditionally (whether or not HAVE_FINE_POLL is set while building curl). #7241 disabled checking the file descriptor values against FD_SETSIZE when HAVE_FINE_POLL is defined. I guess this is fine for curl itself, because it probably doesn't call curl_multi_fdset() when using poll() instead of select(), but calling curl_multi_fdset() in an application with more than FD_SETSIZE file descriptors, might now result in memory corruption.
If this behavior is intended (i.e. curl_multi_fdset() is not safe to be called when HAVE_FINE_POLL is defined), this should at the very least be documented. Specifically this sentence from the curl_multi_fdset() man page is not correct anymore:
If one of the sockets used by libcurl happens to be larger than what can be set
in an fd_set, which on POSIX systems means that the file descriptor is larger
than FD_SETSIZE, then libcurl will try to not set it.
The text was updated successfully, but these errors were encountered:
The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
built to use select(), even though the curl_multi_fdset() function
always and unconditionally uses FD_SET and needs the check.
Reported-by: 0xee on github