progress: count amount of data "delivered" to application

... and apply the CURLOPT_MAXFILESIZE limit (if set) on that as well. This effectively protects the user against "zip bombs". Test case 1618 verifies using a 14 byte brotli payload that otherwise explodes to 102400 zero bytes. Closes #20787
2026-04-14 22:31:41 +03:00 · 2026-03-02 11:02:03 +01:00 · 2026-03-02 11:02:03 +01:00 · 77ed315096
commit 77ed315096
parent fa13f373b2
22 changed files with 218 additions and 11 deletions
--- a/docs/cmdline-opts/max-filesize.md
+++ b/docs/cmdline-opts/max-filesize.md
@ -37,3 +37,6 @@ threshold during transfer.
 Starting in curl 8.19.0, the maximum size can be specified using a fraction as
 in `2.5M` for two and a half megabytes. It only works with a period (`.`)
 delimiter, independent of what your locale might prefer.
+
+Since 8.20.0, this option also stops ongoing transfers that would reach this
+threshold due to automatic decompression using --compressed.
--- a/docs/cmdline-opts/write-out.md
+++ b/docs/cmdline-opts/write-out.md
@ -192,6 +192,11 @@ known as "http_code"). (Added in 7.18.2)
 ## `scheme`
 The URL scheme (sometimes called protocol) that was effectively used. (Added in 7.52.0)

+## `size_delivered`
+The total amount of data that were saved or written to stdout. When
+--compressed is used, this is likely different than `size_download`. Includes
+the headers in the count if --include is used.
+
 ## `size_download`
 The total amount of bytes that were downloaded. This is the size of the
 body/data that was transferred, excluding headers.