Edit report at https://bugs.php.net/bug.php?id=60205&edit=1
ID: 60205 Comment by: larue...@php.net Reported by: larue...@php.net Summary: possible integer overflow in content_length Status: Closed Type: Bug Package: *General Issues PHP Version: 5.3.8 Assigned To: laruence Block user comment: N Private report: N New Comment: fix revision: http://svn.php.net/viewvc?view=revision&revision=318718 Previous Comments: ------------------------------------------------------------------------ [2011-11-03 07:26:40] larue...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. For Windows: http://windows.php.net/snapshots/ Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2011-11-03 07:12:07] larue...@php.net actullay this cause the upload progress(also apc, session upload progress) return wrong message when try to uploading bigger than 4GB file in 64-bit OS. change atoi to atol can make this more sense(long content_length in the request_info struct defination) ------------------------------------------------------------------------ [2011-11-03 07:04:26] larue...@php.net Description: ------------ in php_apache_request_ctor (sapi/apache2handler/sapi_apache2.c) SG(request_info).content_length = (content_length ? atoi(content_length) : 0); so when the content_length exceed INT_MAX, the content_length will be a wrong value. Test script: --------------- none Expected result: ---------------- none Actual result: -------------- none ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=60205&edit=1
