10 files changed, 80 insertions, 93 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
index a25e84490..c1bcf2735 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -220,7 +220,7 @@ endif
 endif
 
 # disable the tests that are mostly causing false positives
-TIDYFLAGS := -checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling -quiet
+TIDYFLAGS := -checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.ArrayBound,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling -quiet
 if CURL_WERROR
 TIDYFLAGS += --warnings-as-errors=*
 endif
diff --git a/src/config2setopts.c b/src/config2setopts.c
index ba31de9ab..e8f4b0a40 100644
--- a/src/config2setopts.c
+++ b/src/config2setopts.c
@@ -40,9 +40,6 @@
 
 #define BUFFER_SIZE 102400L
 
-/* When doing serial transfers, we use a single fixed error area */
-static char global_errorbuffer[CURL_ERROR_SIZE];
-
 #ifdef IP_TOS
 static int get_address_family(curl_socket_t sockfd)
 {
@@ -869,10 +866,7 @@ CURLcode config2setopts(struct OperationConfig *config,
   my_setopt_str(curl, CURLOPT_LOGIN_OPTIONS, config->login_options);
   my_setopt_str(curl, CURLOPT_USERPWD, config->userpwd);
   my_setopt_str(curl, CURLOPT_RANGE, config->range);
-  if(!global->parallel) {
-    per->errorbuffer = global_errorbuffer;
-    my_setopt(curl, CURLOPT_ERRORBUFFER, global_errorbuffer);
-  }
+  my_setopt(curl, CURLOPT_ERRORBUFFER, per->errorbuffer);
   my_setopt_long(curl, CURLOPT_TIMEOUT_MS, config->timeout_ms);
 
   switch(config->httpreq) {
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 23e874f44..5e7222a8a 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -383,6 +383,7 @@ struct GlobalConfig {
   BIT(silent);                    /* do not show messages, --silent given */
   BIT(noprogress);                /* do not show progress bar */
   BIT(isatty);                    /* Updated internally if output is a tty */
+  BIT(trace_set);                 /* --trace-config has been used */
 };
 
 struct OperationConfig *config_alloc(void);
diff --git a/src/tool_doswin.c b/src/tool_doswin.c
index bff8573d7..2b3233a27 100644
--- a/src/tool_doswin.c
+++ b/src/tool_doswin.c
@@ -472,7 +472,8 @@ static SANITIZEcode rename_if_reserved_dos(char **const sanitized,
 
   /* Rename reserved device names that are known to be accessible without \\.\
      Examples: CON => _CON, CON.EXT => CON_EXT, CON:ADS => CON_ADS
-     https://support.microsoft.com/en-us/kb/74496
+     https://web.archive.org/web/20160314141551/
+       support.microsoft.com/en-us/kb/74496
      https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247.aspx
      */
   for(p = fname; p; p = (p == fname && fname != base ? base : NULL)) {
diff --git a/src/tool_filetime.c b/src/tool_filetime.c
index 8907bcda6..c818fe3ad 100644
--- a/src/tool_filetime.c
+++ b/src/tool_filetime.c
@@ -88,65 +88,63 @@ int getfiletime(const char *filename, curl_off_t *stamp)
 #if defined(HAVE_UTIME) || defined(HAVE_UTIMES) || defined(_WIN32)
 void setfiletime(curl_off_t filetime, const char *filename)
 {
-  if(filetime >= 0) {
 /* Windows utime() may attempt to adjust the Unix GMT file time by a daylight
    saving time offset and since it is GMT that is bad behavior. When we have
    access to a 64-bit type we can bypass utime and set the times directly. */
 #if defined(_WIN32) && !defined(CURL_WINDOWS_UWP)
-    HANDLE hfile;
-    TCHAR *tchar_filename = curlx_convert_UTF8_to_tchar(filename);
-
-    /* 910670515199 is the maximum Unix filetime that can be used as a
-       Windows FILETIME without overflow: 30827-12-31T23:59:59. */
-    if(filetime > 910670515199) {
-      warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
-            " on outfile: overflow", filetime);
-      curlx_unicodefree(tchar_filename);
-      return;
-    }
+  HANDLE hfile;
+  TCHAR *tchar_filename = curlx_convert_UTF8_to_tchar(filename);
 
-    hfile = CreateFile(tchar_filename, FILE_WRITE_ATTRIBUTES,
-                       (FILE_SHARE_READ | FILE_SHARE_WRITE |
-                        FILE_SHARE_DELETE),
-                       NULL, OPEN_EXISTING, 0, NULL);
+  /* 910670515199 is the maximum Unix filetime that can be used as a
+     Windows FILETIME without overflow: 30827-12-31T23:59:59. */
+  if(filetime > 910670515199) {
+    warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
+          " on outfile: overflow", filetime);
     curlx_unicodefree(tchar_filename);
-    if(hfile != INVALID_HANDLE_VALUE) {
-      curl_off_t converted = ((curl_off_t)filetime * 10000000) +
-        116444736000000000;
-      FILETIME ft;
-      ft.dwLowDateTime = (DWORD)(converted & 0xFFFFFFFF);
-      ft.dwHighDateTime = (DWORD)(converted >> 32);
-      if(!SetFileTime(hfile, NULL, &ft, &ft)) {
-        warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
-              " on outfile: SetFileTime failed: GetLastError %u",
-              filetime, (unsigned int)GetLastError());
-      }
-      CloseHandle(hfile);
-    }
-    else {
+    return;
+  }
+
+  hfile = CreateFile(tchar_filename, FILE_WRITE_ATTRIBUTES,
+                     (FILE_SHARE_READ | FILE_SHARE_WRITE |
+                      FILE_SHARE_DELETE),
+                     NULL, OPEN_EXISTING, 0, NULL);
+  curlx_unicodefree(tchar_filename);
+  if(hfile != INVALID_HANDLE_VALUE) {
+    curl_off_t converted = ((curl_off_t)filetime * 10000000) +
+      116444736000000000;
+    FILETIME ft;
+    ft.dwLowDateTime = (DWORD)(converted & 0xFFFFFFFF);
+    ft.dwHighDateTime = (DWORD)(converted >> 32);
+    if(!SetFileTime(hfile, NULL, &ft, &ft)) {
       warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
-            " on outfile: CreateFile failed: GetLastError %u",
+            " on outfile: SetFileTime failed: GetLastError %u",
             filetime, (unsigned int)GetLastError());
     }
+    CloseHandle(hfile);
+  }
+  else {
+    warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
+          " on outfile: CreateFile failed: GetLastError %u",
+          filetime, (unsigned int)GetLastError());
+  }
 
 #elif defined(HAVE_UTIMES)
-    struct timeval times[2];
-    times[0].tv_sec = times[1].tv_sec = (time_t)filetime;
-    times[0].tv_usec = times[1].tv_usec = 0;
-    if(utimes(filename, times)) {
-      warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
-            " on '%s': %s", filetime, filename, strerror(errno));
-    }
+  struct timeval times[2];
+  times[0].tv_sec = times[1].tv_sec = (time_t)filetime;
+  times[0].tv_usec = times[1].tv_usec = 0;
+  if(utimes(filename, times)) {
+    warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
+          " on '%s': %s", filetime, filename, strerror(errno));
+  }
 
 #elif defined(HAVE_UTIME)
-    struct utimbuf times;
-    times.actime = (time_t)filetime;
-    times.modtime = (time_t)filetime;
-    if(utime(filename, &times)) {
-      warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
-            " on '%s': %s", filetime, filename, strerror(errno));
-    }
-#endif
+  struct utimbuf times;
+  times.actime = (time_t)filetime;
+  times.modtime = (time_t)filetime;
+  if(utime(filename, &times)) {
+    warnf("Failed to set filetime %" CURL_FORMAT_CURL_OFF_T
+          " on '%s': %s", filetime, filename, strerror(errno));
   }
+#endif
 }
 #endif /* HAVE_UTIME || HAVE_UTIMES || _WIN32 */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 475cbd492..165a4bfb6 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1477,7 +1477,7 @@ static ParameterError parse_verbose(bool toggle)
   else if(!verbose_nopts) {
     /* fist `-v` in an argument resets to base verbosity */
     global->verbosity = 0;
-    if(set_trace_config("-all"))
+    if(!global->trace_set && set_trace_config("-all"))
       return PARAM_NO_MEM;
   }
   /* the '%' thing here will cause the trace get sent to stderr */
@@ -2443,6 +2443,7 @@ static ParameterError opt_filestring(struct OperationConfig *config,
     /* 0 is a valid value for this timeout */
     break;
   case C_TRACE_CONFIG: /* --trace-config */
+    global->trace_set = TRUE;
     if(set_trace_config(nextarg))
       err = PARAM_NO_MEM;
     break;
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 57d9e9d3b..2c3030096 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -582,7 +582,7 @@ static CURLcode post_per_transfer(struct per_transfer *per,
        (!global->silent || global->showerror)) {
       const char *msg = per->errorbuffer;
       fprintf(tool_stderr, "curl: (%d) %s\n", result,
-              (msg && msg[0]) ? msg : curl_easy_strerror(result));
+              msg[0] ? msg : curl_easy_strerror(result));
       if(result == CURLE_PEER_FAILED_VERIFICATION)
         fputs(CURL_CA_CERT_ERRORMSG, tool_stderr);
     }
@@ -679,7 +679,8 @@ static CURLcode post_per_transfer(struct per_transfer *per,
     /* Ask libcurl if we got a remote file time */
     curl_off_t filetime = -1;
     curl_easy_getinfo(curl, CURLINFO_FILETIME_T, &filetime);
-    setfiletime(filetime, outs->filename);
+    if(filetime != -1)
+      setfiletime(filetime, outs->filename);
   }
 skip:
   /* Write the --write-out data before cleanup but after result is final */
@@ -705,8 +706,6 @@ skip:
   free(per->url);
   free(per->outfile);
   free(per->uploadfile);
-  if(global->parallel)
-    free(per->errorbuffer);
   curl_slist_free_all(per->hdrcbdata.headlist);
   per->hdrcbdata.headlist = NULL;
   return result;
@@ -1346,7 +1345,6 @@ static CURLcode add_parallel_transfers(CURLM *multi, CURLSH *share,
   CURLcode result = CURLE_OK;
   CURLMcode mcode;
   bool sleeping = FALSE;
-  char *errorbuf;
   curl_off_t nxfers;
 
   *addedp = FALSE;
@@ -1381,10 +1379,6 @@ static CURLcode add_parallel_transfers(CURLM *multi, CURLSH *share,
     if(result)
       return result;
 
-    errorbuf = malloc(CURL_ERROR_SIZE);
-    if(!errorbuf)
-      return CURLE_OUT_OF_MEMORY;
-
     /* parallel connect means that we do not set PIPEWAIT since pipewait
        will make libcurl prefer multiplexing */
     (void)curl_easy_setopt(per->curl, CURLOPT_PIPEWAIT,
@@ -1395,6 +1389,7 @@ static CURLcode add_parallel_transfers(CURLM *multi, CURLSH *share,
     (void)curl_easy_setopt(per->curl, CURLOPT_XFERINFOFUNCTION, xferinfo_cb);
     (void)curl_easy_setopt(per->curl, CURLOPT_XFERINFODATA, per);
     (void)curl_easy_setopt(per->curl, CURLOPT_NOPROGRESS, 0L);
+    (void)curl_easy_setopt(per->curl, CURLOPT_ERRORBUFFER, per->errorbuffer);
 #ifdef DEBUGBUILD
     if(getenv("CURL_FORBID_REUSE"))
       (void)curl_easy_setopt(per->curl, CURLOPT_FORBID_REUSE, 1L);
@@ -1415,13 +1410,10 @@ static CURLcode add_parallel_transfers(CURLM *multi, CURLSH *share,
           break;
       } while(skipped);
     }
-    if(result) {
-      free(errorbuf);
+    if(result)
       return result;
-    }
-    errorbuf[0] = 0;
-    (void)curl_easy_setopt(per->curl, CURLOPT_ERRORBUFFER, errorbuf);
-    per->errorbuffer = errorbuf;
+
+    per->errorbuffer[0] = 0;
     per->added = TRUE;
     all_added++;
     *addedp = TRUE;
@@ -1706,8 +1698,7 @@ static CURLcode check_finished(struct parastate *s)
       curl_easy_getinfo(easy, CURLINFO_PRIVATE, (void *)&ended);
       curl_multi_remove_handle(s->multi, easy);
 
-      if(ended->abort && (tres == CURLE_ABORTED_BY_CALLBACK) &&
-         ended->errorbuffer) {
+      if(ended->abort && (tres == CURLE_ABORTED_BY_CALLBACK)) {
         msnprintf(ended->errorbuffer, CURL_ERROR_SIZE,
                   "Transfer aborted due to critical error "
                   "in another transfer");
diff --git a/src/tool_operate.h b/src/tool_operate.h
index a323271b7..19cb8b524 100644
--- a/src/tool_operate.h
+++ b/src/tool_operate.h
@@ -66,8 +66,7 @@ struct per_transfer {
 
   /* NULL or malloced */
   char *uploadfile;
-  char *errorbuffer; /* allocated and assigned while this is used for a
-                        transfer */
+  char errorbuffer[CURL_ERROR_SIZE];
   BIT(infdopen); /* TRUE if infd needs closing */
   BIT(noprogress);
   BIT(was_last_header_empty);
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index 028520373..ac836dcdf 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -124,17 +124,21 @@ static CURLcode glob_set(struct URLGlob *glob, const char **patternp,
       /* add 1 to size since it will be incremented below */
       if(multiply(amount, pat->c.set.size + 1))
         return globerror(glob, "range overflow", 0, CURLE_URL_MALFORMAT);
-
+      done = TRUE;
       FALLTHROUGH();
     case ',':
       if(pat->c.set.elem) {
-        char **new_arr = realloc(pat->c.set.elem,
-                                 (size_t)(pat->c.set.size + 1) *
-                                 sizeof(char *));
-        if(!new_arr)
+        char **arr;
+
+        if(pat->c.set.size >= (curl_off_t)(SIZE_MAX/(sizeof(char *))))
+          return globerror(glob, "range overflow", 0, CURLE_URL_MALFORMAT);
+
+        arr = realloc(pat->c.set.elem, (size_t)(pat->c.set.size + 1) *
+                      sizeof(char *));
+        if(!arr)
           return globerror(glob, NULL, 0, CURLE_OUT_OF_MEMORY);
 
-        pat->c.set.elem = new_arr;
+        pat->c.set.elem = arr;
       }
       else
         pat->c.set.elem = malloc(sizeof(char *));
@@ -149,14 +153,9 @@ static CURLcode glob_set(struct URLGlob *glob, const char **patternp,
       ++pat->c.set.size;
       curlx_dyn_reset(&glob->buf);
 
-      if(*pattern == '}') {
-        pattern++; /* pass the closing brace */
-        done = TRUE;
-        continue;
-      }
-
       ++pattern;
-      ++(*posp);
+      if(!done)
+        ++(*posp);
       break;
 
     case ']':                           /* illegal closing bracket */
@@ -424,10 +423,13 @@ static CURLcode glob_parse(struct URLGlob *glob, const char *pattern,
     if(++glob->size >= glob->palloc) {
       struct URLPattern *np = NULL;
       glob->palloc *= 2;
-      if(glob->size < 10000) /* avoid ridiculous amounts */
+      if(glob->size < 255) { /* avoid ridiculous amounts */
         np = realloc(glob->pattern, glob->palloc * sizeof(struct URLPattern));
-      if(!np)
-        return globerror(glob, NULL, pos, CURLE_OUT_OF_MEMORY);
+        if(!np)
+          return globerror(glob, NULL, pos, CURLE_OUT_OF_MEMORY);
+      }
+      else
+        return globerror(glob, "too many {} sets", pos, CURLE_URL_MALFORMAT);
       glob->pattern = np;
     }
   }
diff --git a/src/tool_writeout.c b/src/tool_writeout.c
index 0a610de79..225cf91fd 100644
--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
@@ -361,8 +361,8 @@ static int writeString(FILE *stream, const struct writeoutvar *wovar,
       break;
     case VAR_ERRORMSG:
       if(per_result) {
-        strinfo = (per->errorbuffer && per->errorbuffer[0]) ?
-          per->errorbuffer : curl_easy_strerror(per_result);
+        strinfo = (per->errorbuffer[0]) ? per->errorbuffer :
+          curl_easy_strerror(per_result);
         valid = true;
       }
       break;