aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Gustafsson <daniel@yesql.se>2019-06-24 23:30:31 +0200
committerDaniel Gustafsson <daniel@yesql.se>2019-06-24 23:35:06 +0200
commitb96282010e4b8bf373c1fb631a5e305442af634a (patch)
tree415c80403a79252d3cc6807c6fddfc649bc32ed8
parent1853c884ef28197339e57f4ec405630944300855 (diff)
http: clarify header buffer size calculation
The header buffer size calculation can from static analysis seem to overlow as it performs an addition between two size_t variables and stores the result in a size_t variable. Overflow is however guarded against elsewhere since the input to the addition is regulated by the maximum read buffer size. Clarify this with a comment since the question was asked. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-rw-r--r--lib/http.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/http.c b/lib/http.c
index d01e1bfdb..14d1e89eb 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3147,6 +3147,9 @@ static CURLcode header_append(struct Curl_easy *data,
struct SingleRequest *k,
size_t length)
{
+ /* length is at most the size of a full read buffer, for which the upper
+ bound is CURL_MAX_READ_SIZE. There is thus no chance of overflow in this
+ calculation. */
size_t newsize = k->hbuflen + length;
if(newsize > CURL_MAX_HTTP_HEADER) {
/* The reason to have a max limit for this is to avoid the risk of a bad