From a4140594f15bbbdd7ca14e6f342915541039b38d Mon Sep 17 00:00:00 2001 From: Witold Filipczyk Date: Sat, 9 Jun 2007 17:26:15 +0200 Subject: [PATCH] http chunked: avoid unsafe cases when chunks > 2GB. This and previous commit were inspired by Jonas' mail on elinks-dev. --- src/protocol/http/http.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/protocol/http/http.c b/src/protocol/http/http.c index bcac59ad..6aa81371 100644 --- a/src/protocol/http/http.c +++ b/src/protocol/http/http.c @@ -1224,9 +1224,13 @@ read_chunked_http_data(struct connection *conn, struct read_buffer *rb) if (zero) http->chunk_remaining = 0; len = http->chunk_remaining; - /* Maybe everything necessary didn't come yet.. */ - int_upper_bound(&len, rb->length); - conn->received += len; + if (http->chunk_remaining) { + /* Maybe everything necessary didn't come yet.. + * This handle unlikely case when len < 0 + * or http->chunk_remaining > 4GB and len == 0 */ + int_bounds(&len, 1, rb->length); + conn->received += len; + } data = decompress_data(conn, rb->data, len, &data_len);