f78700814d
Adds a "cw-pause" client writer in the PROTOCOL phase that buffers output when the client paused the transfer. This prevents content decoding from blowing the buffer in the "cw-out" writer. Added test_02_35 that downloads 2 100MB gzip bombs in parallel and pauses after 1MB of decoded 0's. This is a solution to issue #16280, with some limitations: - cw-out still needs buffering of its own, since it can be paused "in the middle" of a write that started with some KB of gzipped zeros and exploded into several MB of calls to cw-out. - cw-pause will then start buffering on its own *after* the write that caused the pause. cw-pause has no buffer limits, but the data it buffers is still content-encoded. Protocols like http/1.1 stop receiving, h2/h3 have window sizes, so the cw-pause buffer should not grow out of control, at least for these protocols. - the current limit on cw-out's buffer is ~75MB (for whatever historical reason). A potential content-encoding that blows 16KB (the common h2 chunk size) into > 75MB would still blow the buffer, making the transfer fail. A gzip of 0's makes 16KB into ~16MB, so that still works. A better solution would be to allow CURLE_AGAIN handling in the client writer chain and make all content encoders handle that. This would stop explosion of encoding on a pause right away. But this is a large change of the deocoder operations. Reported-by: lf- on github Fixes #16280 Closes #16296 |
||
|---|---|---|
| .circleci | ||
| .github | ||
| CMake | ||
| docs | ||
| include | ||
| lib | ||
| LICENSES | ||
| m4 | ||
| packages | ||
| plan9 | ||
| projects | ||
| scripts | ||
| src | ||
| tests | ||
| winbuild | ||
| .dir-locals.el | ||
| .git-blame-ignore-revs | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| acinclude.m4 | ||
| appveyor.sh | ||
| appveyor.yml | ||
| buildconf | ||
| CHANGES.md | ||
| CMakeLists.txt | ||
| configure.ac | ||
| COPYING | ||
| curl-config.in | ||
| Dockerfile | ||
| GIT-INFO.md | ||
| libcurl.pc.in | ||
| Makefile.am | ||
| README | ||
| README.md | ||
| RELEASE-NOTES | ||
| renovate.json | ||
| REUSE.toml | ||
| SECURITY.md | ||
curl is a command-line tool for transferring data specified with URL syntax. Learn how to use curl by reading the manpage or everything curl.
Find out how to install curl by reading the INSTALL document.
libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl manpage to learn how.
Open Source
curl is Open Source and is distributed under an MIT-like license.
Contact
Contact us on a suitable mailing list or use GitHub issues/ pull requests/ discussions.
All contributors to the project are listed in the THANKS document.
Commercial support
For commercial support, maybe private and dedicated help with your problems or applications using (lib)curl visit the support page.
Website
Visit the curl website for the latest news and downloads.
Source code
Download the latest source from the Git server:
git clone https://github.com/curl/curl.git
Security problems
Report suspected security problems via our HackerOne page and not in public.
Notice
curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.
Backers
Thank you to all our backers 🙏 Become a backer.
Sponsors
Support this project by becoming a sponsor.