From: Anatol Belski <ab@php.net>
Date: Wed, 14 Aug 2013 16:59:46 +0000 (+0200)
Subject: Fix to file uploads >2G with size overflow
X-Git-Tag: php-5.6.0alpha1~297
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9d4e5b0dbab21ecba3536136ce8241862fa813b0;p=php

Fix to file uploads >2G with size overflow

Represent the file size as string when the total size would overflow
LONG_MAX. Otherwise while file itself were uploaded, the size would
be shown wrong. This mostly applies to systems with 32 bit long.
---

diff --git a/main/rfc1867.c b/main/rfc1867.c
index 3c160702ae..498b59725c 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -1215,17 +1215,32 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
 
 			{
 				zval file_size, error_type;
+				int size_overflow = 0;
+				char file_size_buf[65];
 
-				error_type.value.lval = cancel_upload;
-				error_type.type = IS_LONG;
+				ZVAL_LONG(&error_type, cancel_upload);
 
 				/* Add $foo[error] */
 				if (cancel_upload) {
-					file_size.value.lval = 0;
-					file_size.type = IS_LONG;
+					ZVAL_LONG(&file_size, 0);
 				} else {
-					file_size.value.lval = total_bytes;
-					file_size.type = IS_LONG;
+					if (total_bytes > LONG_MAX) {
+#ifdef PHP_WIN32
+						if (_i64toa_s(total_bytes, file_size_buf, 65, 10)) {
+							file_size_buf[0] = '0';
+							file_size_buf[1] = '\0';
+						}
+#else
+						{
+							int __len = snprintf(file_size_buf, 65, "%lld", total_bytes);
+							file_size_buf[__len] = '\0';
+						}
+#endif
+						size_overflow = 1;
+
+					} else {
+						ZVAL_LONG(&file_size, total_bytes);
+					}
 				}
 
 				if (is_arr_upload) {
@@ -1242,7 +1257,10 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
 					snprintf(lbuf, llen, "%s_size", param);
 				}
 				if (!is_anonymous) {
-					safe_php_register_variable_ex(lbuf, &file_size, NULL, 0 TSRMLS_CC);
+					if (size_overflow) {
+						ZVAL_STRING(&file_size, file_size_buf, 1);
+					}
+					safe_php_register_variable_ex(lbuf, &file_size, NULL, size_overflow TSRMLS_CC);
 				}
 
 				/* Add $foo[size] */
@@ -1251,7 +1269,10 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
 				} else {
 					snprintf(lbuf, llen, "%s[size]", param);
 				}
-				register_http_post_files_variable_ex(lbuf, &file_size, http_post_files, 0 TSRMLS_CC);
+				if (size_overflow) {
+					ZVAL_STRING(&file_size, file_size_buf, 1);
+				}
+				register_http_post_files_variable_ex(lbuf, &file_size, http_post_files, size_overflow TSRMLS_CC);
 			}
 			efree(param);
 		}