Fix problem in strdup replacement when dealing with absolutely huge strings.

diff --git a/CHANGES b/CHANGES
index e4f9104..96fa0af 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Yang Tse (6 Feb 2008)
+- Fix an issue in strdup replacement function when dealing with absolutely
+  huge strings. Only systems without a standard strdup would be affected.
+
 Daniel S (3 Feb 2008)
 - Dmitry Kurochkin cleaned up the pipelining code and removed the need for and
   use of the "is_in_pipeline" struct field.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 9c590e5..09c7c75 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -15,6 +15,7 @@ This release includes the following changes:
 This release includes the following bugfixes:
 
  o improved pipelining
+ o improved strdup replacement
 
 This release includes the following known bugs:
 

diff --git a/lib/strdup.c b/lib/strdup.c
index 97a4890..eef9e08 100644 (file)
--- a/lib/strdup.c
+++ b/lib/strdup.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -27,13 +27,17 @@
 #ifndef HAVE_STRDUP
 char *curlx_strdup(const char *str)
 {
-  int len;
+  size_t len;
   char *newstr;
 
   if(!str)
     return (char *)NULL;
 
   len = strlen(str);
+
+  if(len >= ((size_t)-1) / sizeof(char))
+    return (char *)NULL;
+
   newstr = (char *) malloc((len+1)*sizeof(char));
   if(!newstr)
     return (char *)NULL;