"Xu Zhongxing" <[email protected]> writes:
> I scanned wget with my static analysis tool, and found a potential bug.
> The triggering path is described in the attached XML file. Could you please take
> a look at it?
> The version of wget is 1.13.3
Thanks for reporting it.
I have applied the following patch:
=== modified file 'src/gnutls.c'
--- src/gnutls.c 2012-02-23 10:11:49 +0000
+++ src/gnutls.c 2012-04-01 14:24:28 +0000
@@ -160,9 +160,13 @@
do
{
- double next_timeout = timeout - ptimer_measure (timer);
- if (timeout && next_timeout < 0)
- break;
+ double next_timeout;
+ if (timeout > 0.0)
+ {
+ next_timeout = timeout - ptimer_measure (timer);
+ if (next_timeout < 0)
+ break;
+ }
ret = GNUTLS_E_AGAIN;
if (timeout == 0 || gnutls_record_check_pending (ctx->session)
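Review bot: `next_timeout` is now declared without an initializer and is assigned only inside `if (timeout > 0.0)`, so on any iteration where `timeout` is zero or negative it holds an indeterminate value for the rest of the loop body. The context line that follows tests `timeout == 0`, which does not cover a negative `timeout`, so the two guards disagree about that case. Suggest `double next_timeout = 0;` at the declaration, or the same condition in both places, plus a short comment noting that `ptimer_measure (timer)` is only called when a timeout is set.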
Cheers,
Giuseppe