From ee6791128fce28277671ea378104050cf130d2f2 Mon Sep 17 00:00:00 2001
From: Marc Hoersken <info@marc-hoersken.de>
Date: Sat, 19 Apr 2014 16:02:14 +0200
Subject: multi.c: fix possible invalid memory access in case nfds overflows

ufds might not be allocated in case nfds overflows to zero while
extra_nfds is still non-zero. udfs is then accessed within the
extra_nfds-based for loop.
---
 lib/multi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/multi.c')

diff --git a/lib/multi.c b/lib/multi.c
index bc69996e6..bc932640a 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -828,7 +828,7 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
   curlfds = nfds; /* number of internal file descriptors */
   nfds += extra_nfds; /* add the externally provided ones */
 
-  if(nfds) {
+  if(nfds || extra_nfds) {
     ufds = malloc(nfds * sizeof(struct pollfd));
     if(!ufds)
       return CURLM_OUT_OF_MEMORY;
-- 
cgit v1.2.3