http: RecvMessage: Fix potential allocation failure

pupnp / pupnp

libupnp: Build UPnP-compliant control points, devices, and bridges on several operating systems.

https://pupnp.github.io/pupnp

BSD 3-Clause "New" or "Revised" License

349 stars 114 forks source link

http: RecvMessage: Fix potential allocation failure #406

Closed chouquette closed 1 year ago

chouquette commented 1 year ago

If for whatever reason the server replies without maxing out the buffer, the code would end up doubling the buffer size nonetheless, which can quickly cause malloc to fail, once we try to allocate 2^30 or more bytes This was especially noticeable for large results. Reported as https://code.videolan.org/videolan/vlc/-/issues/27173

cgisquet commented 1 year ago

FYI, this is a realworld breakage (as indicated by the linked VLC issue): a lot of users (myself included) have been unable to view media files on their server when the client uses an up-to-date libupnp.

mrjimenez commented 1 year ago

Please check the new release. 1.14.13.

Thank you for the support.