Skip to content

tool_urlglob: avoid overflow at end of range#21529

Closed
bagder wants to merge 3 commits intomasterfrom
bagder/glob-range
Closed

tool_urlglob: avoid overflow at end of range#21529
bagder wants to merge 3 commits intomasterfrom
bagder/glob-range

Conversation

@bagder
Copy link
Copy Markdown
Member

@bagder bagder commented May 7, 2026

Due to how the range span globbing code works, a range that ends with 9223372036854775807 (the maximum signed 63 bit value) cannot be used as it triggers an integer overflow.

Verified in test 2092

Reported-by: Andrew Nesbit

@bagder
tool_urlglob: avoid overflow at end of range
ea96e74 
Due to how the range span globbing code works, a range that ends with
9223372036854775807 (the maximum signed 63 bit value) cannot be used as
it triggers an integer overflow.

Verified in test 2092

Reported-by: Andrew Nesbit
@github-actions github-actions Bot added the tests label May 7, 2026
@bagder bagder requested a review from Copilot May 7, 2026 15:52
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR prevents an integer overflow in curl tool URL range-globbing when the numeric range ends at 9223372036854775807 (i.e., CURL_OFF_T_MAX on typical 64-bit builds). It adds a regression test to ensure the tool fails safely instead of overflowing.

Changes:

  • Add a numeric-range validation guard in src/tool_urlglob.c to avoid curl_off_t overflow when advancing the range counter.
  • Add new regression test tests/data/test2092 covering a range that ends at 9223372036854775807.
  • Register the new test in tests/data/Makefile.am.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
src/tool_urlglob.c Adds a numeric range constraint to prevent overflow when incrementing the glob counter.
tests/data/test2092 New regression test for a numeric range ending at 9223372036854775807.
tests/data/Makefile.am Includes test2092 in the test suite list.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/data/test2092
Comment thread src/tool_urlglob.c Outdated
@bagder
Potential fix for pull request finding
dd56eff 
better error message

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@bagder bagder marked this pull request as ready for review May 7, 2026 16:05
@bagder bagder closed this in 3ce1006 May 7, 2026
@bagder bagder deleted the bagder/glob-range branch May 7, 2026 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

cmdline tool tests

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bagder