--- Begin Message ---
Package: php5
Version: 5.3.3-7+squeeze14
Tags: patch, upstream, lfs
PHP doesn't support uploads of files bigger than 2GB. It's a known bug
in upstream - https://bugs.php.net/bug.php?id=44522 - but the fix still
isn't in and there doesn't seem to be any answer.
Right now I'm running with the patch from above, tweaked a bit to apply
to the PHP in squeeze, which I'm attaching. A part of it (the conversion
from atoi() to atol() ) is already included in the php5 package in
testing (version 5.4.4-4) but the rest doesn't seem to be there. The
patch is kludgy and I'd agree to fix it up a bit if there's the
possibility to be accepted.
This is reproducible with setting in php.ini the upload_max_filesize to
something more than 2GB, post_max_size to the same value, having the
following code in a php file:
<?
if (!move_uploaded_file($file['tmp_name'], "/tmp/testfile")) {
echo "doesn't work";
} else {
echo "works";
}
@unlink("/tmp/testfile");
?>
And running from somewhere
dd if=/dev/zero of=bigf bs=1M count=4099
curl -F file=@bigf 'http://some.server.addr/upload.php'
(fixing the url to reflect the position of the php file)
As for the reason for this, a lot of sites (including mine) actually
need this kind of upload, as there's no good way to push files to it
otherwise (I've seen suggestions to use FTP) that the users can easily
use. With the proliferation of big video files, there's a lot of stuff
people want to upload which goes above these limits.
--
Regards,
Vasil Kolev
diff -ruN php5-5.3.3.orig/main/rfc1867.c php5-5.3.3/main/rfc1867.c
--- php5-5.3.3.orig/main/rfc1867.c 2010-03-18 22:37:25.000000000 +0000
+++ php5-5.3.3/main/rfc1867.c 2012-08-16 12:55:20.191343090 +0000
@@ -764,7 +764,8 @@
{
char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL;
char *temp_filename = NULL, *lbuf = NULL, *abuf = NULL;
- int boundary_len = 0, total_bytes = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0;
+ int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0;
+ long total_bytes = 0;
int max_file_size = 0, skip_upload = 0, anonindex = 0, is_anonymous;
zval *http_post_files = NULL;
HashTable *uploaded_files = NULL;
diff -ruN php5-5.3.3.orig/main/SAPI.h php5-5.3.3/main/SAPI.h
--- php5-5.3.3.orig/main/SAPI.h 2010-03-18 22:37:25.000000000 +0000
+++ php5-5.3.3/main/SAPI.h 2012-08-16 12:56:43.563342213 +0000
@@ -82,7 +82,7 @@
char *post_data, *raw_post_data;
char *cookie_data;
long content_length;
- uint post_data_length, raw_post_data_length;
+ uint IGNORE_post_data_length, IGNORE_raw_post_data_length;
char *path_translated;
char *request_uri;
@@ -113,6 +113,7 @@
int argc;
char **argv;
int proto_num;
+ long post_data_length, raw_post_data_length;
} sapi_request_info;
@@ -120,7 +121,7 @@
void *server_context;
sapi_request_info request_info;
sapi_headers_struct sapi_headers;
- int read_post_bytes;
+ long read_post_bytes;
unsigned char headers_sent;
struct stat global_stat;
char *default_mimetype;
diff -ruN php5-5.3.3.orig/sapi/apache/mod_php5.c php5-5.3.3/sapi/apache/mod_php5.c
--- php5-5.3.3.orig/sapi/apache/mod_php5.c 2010-03-12 10:28:59.000000000 +0000
+++ php5-5.3.3/sapi/apache/mod_php5.c 2012-08-16 12:57:54.471343210 +0000
@@ -533,7 +533,7 @@
SG(request_info).request_uri = r->uri;
SG(request_info).request_method = (char *)r->method;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
SG(request_info).proto_num = r->proto_num;
diff -ruN php5-5.3.3.orig/sapi/apache2filter/sapi_apache2.c php5-5.3.3/sapi/apache2filter/sapi_apache2.c
--- php5-5.3.3.orig/sapi/apache2filter/sapi_apache2.c 2010-02-05 18:59:05.000000000 +0000
+++ php5-5.3.3/sapi/apache2filter/sapi_apache2.c 2012-08-16 12:58:55.867343008 +0000
@@ -420,7 +420,7 @@
efree(content_type);
content_length = (char *) apr_table_get(f->r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(f->r->headers_out, "Content-Length");
apr_table_unset(f->r->headers_out, "Last-Modified");
diff -ruN php5-5.3.3.orig/sapi/apache2handler/sapi_apache2.c php5-5.3.3/sapi/apache2handler/sapi_apache2.c
--- php5-5.3.3.orig/sapi/apache2handler/sapi_apache2.c 2010-05-04 09:51:03.000000000 +0000
+++ php5-5.3.3/sapi/apache2handler/sapi_apache2.c 2012-08-16 12:59:27.399379866 +0000
@@ -484,7 +484,7 @@
r->no_local_copy = 1;
content_length = (char *) apr_table_get(r->headers_in, "Content-Length");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
apr_table_unset(r->headers_out, "Content-Length");
apr_table_unset(r->headers_out, "Last-Modified");
diff -ruN php5-5.3.3.orig/sapi/apache_hooks/mod_php5.c php5-5.3.3/sapi/apache_hooks/mod_php5.c
--- php5-5.3.3.orig/sapi/apache_hooks/mod_php5.c 2010-03-12 10:28:59.000000000 +0000
+++ php5-5.3.3/sapi/apache_hooks/mod_php5.c 2012-08-16 12:59:59.679342329 +0000
@@ -587,7 +587,7 @@
SG(request_info).request_method = (char *)r->method;
SG(request_info).proto_num = r->proto_num;
SG(request_info).content_type = (char *) table_get(r->subprocess_env, "CONTENT_TYPE");
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
SG(sapi_headers).http_response_code = r->status;
if (r->headers_in) {
diff -ruN php5-5.3.3.orig/sapi/cgi/cgi_main.c php5-5.3.3/sapi/cgi/cgi_main.c
--- php5-5.3.3.orig/sapi/cgi/cgi_main.c 2010-06-29 11:37:13.000000000 +0000
+++ php5-5.3.3/sapi/cgi/cgi_main.c 2012-08-16 13:03:46.391343148 +0000
@@ -491,7 +491,7 @@
uint read_bytes = 0;
int tmp_read_bytes;
- count_bytes = MIN(count_bytes, (uint) SG(request_info).content_length - SG(read_post_bytes));
+ count_bytes = MIN(count_bytes, SG(request_info).content_length - SG(read_post_bytes));
while (read_bytes < count_bytes) {
if (fcgi_is_fastcgi()) {
fcgi_request *request = (fcgi_request*) SG(server_context);
@@ -1350,7 +1350,7 @@
/* FIXME - Work out proto_num here */
SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC);
SG(request_info).content_type = (content_type ? content_type : "" );
- SG(request_info).content_length = (content_length ? atoi(content_length) : 0);
+ SG(request_info).content_length = (content_length ? atol(content_length) : 0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION", sizeof("HTTP_AUTHORIZATION")-1 TSRMLS_CC);
diff -ruN php5-5.3.3.orig/Zend/zend_operators.c php5-5.3.3/Zend/zend_operators.c
--- php5-5.3.3.orig/Zend/zend_operators.c 2010-06-26 17:14:33.000000000 +0000
+++ php5-5.3.3/Zend/zend_operators.c 2012-08-16 13:04:34.719342959 +0000
@@ -45,9 +45,9 @@
#define TYPE_PAIR(t1,t2) (((t1) << 4) | (t2))
-ZEND_API int zend_atoi(const char *str, int str_len) /* {{{ */
+ZEND_API long zend_atoi(const char *str, int str_len) /* {{{ */
{
- int retval;
+ long retval;
if (!str_len) {
str_len = strlen(str);
diff -ruN php5-5.3.3.orig/Zend/zend_operators.h php5-5.3.3/Zend/zend_operators.h
--- php5-5.3.3.orig/Zend/zend_operators.h 2010-01-05 20:46:53.000000000 +0000
+++ php5-5.3.3/Zend/zend_operators.h 2012-08-16 13:04:53.903343143 +0000
@@ -321,7 +321,7 @@
ZEND_API void zend_compare_arrays(zval *result, zval *a1, zval *a2 TSRMLS_DC);
ZEND_API void zend_compare_objects(zval *result, zval *o1, zval *o2 TSRMLS_DC);
-ZEND_API int zend_atoi(const char *str, int str_len);
+ZEND_API long zend_atoi(const char *str, int str_len);
ZEND_API long zend_atol(const char *str, int str_len);
ZEND_API void zend_locale_sprintf_double(zval *op ZEND_FILE_LINE_DC);
signature.asc
Description: This is a digitally signed message part
--- End Message ---
