git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-12 12:21:42 +08:00
Code Issues Actions 13 Packages Projects Releases Wiki Activity

progress: avoid integer overflow when gathering total transfer size

Browse Source 
Reported by OSS-fuzz

Closes #17207
This commit is contained in:
Daniel Stenberg 2025-04-28 13:41:20 +02:00
parent 771c15b603
commit 69ce9a7feb
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/progress.c
View File

@ -509,6 +509,7 @@ static void progress_meter(struct Curl_easy *data)
struct pgrs_estimate total_estm;
curl_off_t total_cur_size;
curl_off_t total_expected_size;
curl_off_t dl_size;
char time_left[10];
char time_total[10];
char time_spent[10];
@ -541,9 +542,17 @@ static void progress_meter(struct Curl_easy *data)
/* Get the total amount of data expected to get transferred */
total_expected_size =
((p->flags & PGRS_UL_SIZE_KNOWN) ? p->ul.total_size : p->ul.cur_size) +
((p->flags & PGRS_UL_SIZE_KNOWN) ? p->ul.total_size : p->ul.cur_size);
dl_size =
((p->flags & PGRS_DL_SIZE_KNOWN) ? p->dl.total_size : p->dl.cur_size);
/* integer overflow check */
if((CURL_OFF_T_MAX - total_expected_size) > dl_size)
total_expected_size = CURL_OFF_T_MAX; /* capped */
else
total_expected_size += dl_size;
/* We have transferred this much so far */
total_cur_size = p->dl.cur_size + p->ul.cur_size;