|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13612 Upload for files sometimes segfaults + patch
Submitted: 2001-10-09 10:06 UTC Modified: 2001-10-09 10:16 UTC
From: mw at sime dot com Assigned:
Status: Closed Package: HTTP related
PHP Version: 4.0.6 OS: Linux tropica1 2.2.19ext3
Private report: No CVE-ID: None
 [2001-10-09 10:06 UTC] mw at sime dot com
PHP crashes in rfc1867.c:173, because the variable "rem" is made smaller 2 bytes for every file upload input than it should. a hacky fix is to add the following line to the file rfc1867.c, around line 435:
  state = 0;
  rem -= (loc - ptr);
  ptr = loc;
+ rem = cnt - (buf - ptr);

but this is not enough imho. in line 173 it should be checked if "loc" is NULL.

I've a complete dump of the form-data and the apache environment, so contact me if you need further information.

Tested with PHP-4.0.6, Apache 1.3.12, Linux 2.2.19, IE 6.0 and NS 6.1


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-10-09 10:16 UTC]
This should be fixed in CVS. (and in PHP 4.0.7RC3)
So please try the latest CVS snapshot from and reopen this bug report if it doesn't work.


PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Mar 04 07:01:26 2021 UTC