Fixed bug #40921 (php_default_post_reader crashes when post_max_size is

exceeded).

diff --git a/NEWS b/NEWS
index 6090b5dc8c21de02662e8cda321cb280f5a02219..72c36cba026cdb0489cd9331f954909ed0d63f8c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,8 @@ PHP                                                                        NEWS
 - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry)
 - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
+- Fixed bug #40921 (php_default_post_reader crashes when post_max_size is
+  exceeded). (trickie at gmail dot com, Ilia)
 - Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony)
 - Fixed bug #40899 (memory leak when nesting list()). (Dmitry)
 - Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony)

diff --git a/main/php_content_types.c b/main/php_content_types.c
index 922fc2c1572075395c3b19154b8812afa8cbbb5b..306645b6fa5c67854d9937c25b179312bcaf254b 100644 (file)
--- a/main/php_content_types.c
+++ b/main/php_content_types.c
@@ -42,7 +42,7 @@ SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader)
 
        /* $HTTP_RAW_POST_DATA registration */
        if(!strcmp(SG(request_info).request_method, "POST")) {
-               if(NULL == SG(request_info).post_entry) {
+               if(NULL == SG(request_info).post_entry && SG(request_info).post_data) {
                        /* no post handler registered, so we just swallow the data */
                        sapi_read_standard_form_data(TSRMLS_C);
                        length = SG(request_info).post_data_length;