From: Daniel Gustafsson <daniel@yesql.se>
Date: Mon, 24 Jun 2019 21:30:31 +0000 (+0200)
Subject: http: clarify header buffer size calculation
X-Git-Tag: curl-7_65_2~45
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b96282010e4b8bf373c1fb631a5e305442af634a;p=curl

http: clarify header buffer size calculation

The header buffer size calculation can from static analysis seem to
overlow as it performs an addition between two size_t variables and
stores the result in a size_t variable. Overflow is however guarded
against elsewhere since the input to the addition is regulated by
the maximum read buffer size. Clarify this with a comment since the
question was asked.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---

diff --git a/lib/http.c b/lib/http.c
index d01e1bfdb..14d1e89eb 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3147,6 +3147,9 @@ static CURLcode header_append(struct Curl_easy *data,
                               struct SingleRequest *k,
                               size_t length)
 {
+  /* length is at most the size of a full read buffer, for which the upper
+     bound is CURL_MAX_READ_SIZE. There is thus no chance of overflow in this
+     calculation. */
   size_t newsize = k->hbuflen + length;
   if(newsize > CURL_MAX_HTTP_HEADER) {
     /* The reason to have a max limit for this is to avoid the risk of a bad