lib: eliminate size_t casts

Add new functions in `curlx/warnless.h` for controlled type conversions: * curlx_uitouz, convert unsigned into to size_t (should always work) * curlx_uztoso, convert size_t to curl_off_t, capping at CURL_OFF_T_MAX * curlx_sztouz, convert ssize_t to size_t, return TRUE when ok * curlx_sotouz_range, convert curl_off_t to size_t interval, capping values to interval bounds Remove some unnecesary casts, convert some internal recv functions to the "return result, have size_t* arg" pattern. Closes #19495
2026-04-14 21:31:42 +03:00 · 2025-11-12 15:58:49 +01:00 · 2025-11-12 15:58:49 +01:00 · cb2bcb681f
commit cb2bcb681f
parent 78a610cb83
13 changed files with 170 additions and 156 deletions
--- a/lib/setopt.c
+++ b/lib/setopt.c
@ -1689,22 +1689,20 @@ static CURLcode setopt_cptr(struct Curl_easy *data, CURLoption option,
    if(!ptr || s->postfieldsize == -1)
      result = Curl_setstropt(&s->str[STRING_COPYPOSTFIELDS], ptr);
    else {
+      size_t pflen;
+
      if(s->postfieldsize < 0)
        return CURLE_BAD_FUNCTION_ARGUMENT;
-#if SIZEOF_CURL_OFF_T > SIZEOF_SIZE_T
-      /*
-       *  Check that requested length does not overflow the size_t type.
-       */
-      else if(s->postfieldsize > SIZE_MAX)
+      pflen = curlx_sotouz_range(s->postfieldsize, 0, SIZE_MAX);
+      if(pflen == SIZE_MAX)
        return CURLE_OUT_OF_MEMORY;
-#endif
      else {
        /* Allocate even when size == 0. This satisfies the need of possible
           later address compare to detect the COPYPOSTFIELDS mode, and to
           mark that postfields is used rather than read function or form
           data.
        */
-        char *p = Curl_memdup0(ptr, (size_t)s->postfieldsize);
+        char *p = Curl_memdup0(ptr, pflen);
        if(!p)
          return CURLE_OUT_OF_MEMORY;
        else {