diff options
| author | Marc Hoersken <info@marc-hoersken.de> | 2014-04-19 16:02:14 +0200 |
|---|---|---|
| committer | Marc Hoersken <info@marc-hoersken.de> | 2014-04-19 16:02:14 +0200 |
| commit | ee6791128fce28277671ea378104050cf130d2f2 (patch) | |
| tree | d3d314e72d0590bf9a64c0f09d8093a94da94583 /lib/multi.c | |
| parent | 549b4a659a7ffabe499369869abf05762a4c0287 (diff) | |
multi.c: fix possible invalid memory access in case nfds overflows
ufds might not be allocated in case nfds overflows to zero while
extra_nfds is still non-zero. udfs is then accessed within the
extra_nfds-based for loop.
Diffstat (limited to 'lib/multi.c')
| -rw-r--r-- | lib/multi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/multi.c b/lib/multi.c index bc69996e6..bc932640a 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -828,7 +828,7 @@ CURLMcode curl_multi_wait(CURLM *multi_handle, curlfds = nfds; /* number of internal file descriptors */ nfds += extra_nfds; /* add the externally provided ones */ - if(nfds) { + if(nfds || extra_nfds) { ufds = malloc(nfds * sizeof(struct pollfd)); if(!ufds) return CURLM_OUT_OF_MEMORY; |