Crash in URL::FallbackDownloadTask::run if contentLength is greater than <int>::max()

There’s an assumption in URL::FallbackDownloadTask::run that content won’t be larger than std::numeric_limits<int64>::max():

auto max = jmin ((int) bufferSize, contentLength < 0 ? std::numeric_limits<int>::max()
                                                     : static_cast<int> (contentLength - downloaded));

If contentLength is bigger than std::numeric_limits<int>::max() then the static cast can UB/overflow to a negative number and max gets assigned a negative.

I think changing it to support int64 will work, that way it can’t overflow and because bufferSize is always small, max will always be positive:

auto max = (int) jmin ((int64) bufferSize, contentLength < 0 ? std::numeric_limits<int64>::max()
                                                             : static_cast<int64> (contentLength - downloaded));

Would you be able to make that change?

Yep, that sounds sensible.

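The narrowing discussed in this thread, reproduced as an added example that is not part of the original posts or of JUCE's source. It assumes `std::min` in place of `jmin`, `std::int64_t` in place of JUCE's `int64`, and a `size_t` buffer size; the function names and sample lengths are constructed.

```cpp
// Added example, not JUCE source. std::min stands in for jmin, std::int64_t for
// JUCE's int64; function names and sample sizes are constructed.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Original expression: the remaining byte count is narrowed to int before the min.
// Out-of-range narrowing wraps modulo 2^32 on mainstream compilers (guaranteed from C++20).
int chunkSizeNarrow (std::size_t bufferSize, std::int64_t contentLength, std::int64_t downloaded)
{
    return std::min ((int) bufferSize,
                     contentLength < 0 ? std::numeric_limits<int>::max()
                                       : static_cast<int> (contentLength - downloaded));
}

// Proposed expression: compare in 64 bits and narrow only the result, which is
// bounded by bufferSize (assumed to fit in int, since the post says it is always small).
int chunkSizeWide (std::size_t bufferSize, std::int64_t contentLength, std::int64_t downloaded)
{
    return (int) std::min ((std::int64_t) bufferSize,
                           contentLength < 0 ? std::numeric_limits<std::int64_t>::max()
                                             : static_cast<std::int64_t> (contentLength - downloaded));
}

int main()
{
    const std::size_t bufferSize = 8192;   // constructed buffer size
    // Constructed lengths: unknown, small, just above INT_MAX, exactly 2^32.
    const std::int64_t lengths[] = { -1, 5000, 3000000000LL, 4294967296LL };

    for (auto len : lengths)
        std::printf ("contentLength=%lld narrow=%d wide=%d\n",
                     (long long) len,
                     chunkSizeNarrow (bufferSize, len, 0),
                     chunkSizeWide (bufferSize, len, 0));
    return 0;
}
```

The 2^32 case shows that the narrowed value is not always negative: it can also wrap to zero, which the 64-bit comparison avoids as well.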