siva-msft / curl


Potential security issue in src/tool_urlglob.c: Arithmetic Overflow in Expression #41

Open monocle-ai opened 4 years ago

monocle-ai commented 4 years ago

What is an Arithmetic Overflow? When a narrow type integral value was shifted left, multiplied, added, or subtracted and the result of that arithmetic operation was cast to a wider type value. If the operation overflowed the narrow type value, then data is lost. You can prevent this loss by converting the value to a wider type before the arithmetic operation.

1 instance of this defect was found in the following location:

Instance 1

File: src/tool_urlglob.c

https://github.com/siva-msft/curl/blob/0eda1cffe4f39fe489cd0e859817213df27aecf5/src/tool_urlglob.c#L123

Code extract:

      *buf = '\0';
      if(pat->content.Set.elements) {
        char **new_arr = realloc(pat->content.Set.elements,
                                 (pat->content.Set.size + 1) * sizeof(char *)); <------ HERE
        if(!new_arr)
          return GLOBERROR("out of memory", 0, CURLE_OUT_OF_MEMORY);

siva-msft commented 4 years ago

fp
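
The defect class described in the first comment, as an added example (not code from curl or from the scanner): `mul_narrow` shows the cast applied too late, `mul_wide` the widen-first fix, and `grow_bytes` is a hypothetical checked size calculation for a grow-by-one `realloc`. It assumes an `int` element counter and a platform where `int` is 32 bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Defect pattern: the multiply is done in 32 bits and wraps; the cast to
   64 bits comes after the high bits are already lost. */
uint64_t mul_narrow(uint32_t a, uint32_t b)
{
  return (uint64_t)(a * b);
}

/* Fix: widen one operand first so the multiply is done in 64 bits. */
uint64_t mul_wide(uint32_t a, uint32_t b)
{
  return (uint64_t)a * b;
}

/* Hypothetical helper: byte count for growing an array of `count` pointers
   (or other elements) by one. Widens before the addition and rejects a
   product that does not fit in size_t.
   Returns 0 on success, -1 on a bad argument or overflow. */
int grow_bytes(int count, size_t elem_size, size_t *out)
{
  size_t n;
  if(count < 0 || elem_size == 0)
    return -1;
  n = (size_t)count + 1;        /* addition happens in size_t, not int */
  if(n > SIZE_MAX / elem_size)  /* n * elem_size would wrap */
    return -1;
  *out = n * elem_size;
  return 0;
}

int main(void)
{
  size_t bytes = 0;
  printf("narrow: %llu\n",
         (unsigned long long)mul_narrow(0x10000u, 0x10000u));
  printf("wide:   %llu\n",
         (unsigned long long)mul_wide(0x10000u, 0x10000u));
  if(grow_bytes(3, sizeof(char *), &bytes) == 0)
    printf("grow 3 -> %zu bytes\n", bytes);
  printf("oversized element: %d\n", grow_bytes(1, SIZE_MAX, &bytes));
  return 0;
}
```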