[php-maint] Bug#685383: Bug#685383: PHP cannot handle uploads bigger than 2GB

Ondřej Surý ondrej at debian.org
Thu Aug 23 07:20:58 UTC 2012

Hi Vasil,

I don't think the patch is correct as is, there are still places where
there is a mix of uints and longs, which needs to be corrected.  Also
it's quite late to include patch which changes data structures with
unknown impact, also see Stas's comment:

> [2012-02-23 19:14 UTC] stas at php.net
> It's probably too late for 5.4, but would be OK for trunk. The patch however
> needs to be cleaned up (no IGNORE vars, etc.) and changing signature for
> zend_atoi may not be safe if any code out there presumes it returns int (integer
> overflow). Also, no reason to use signed long there where we used unsigned long.

Thus I am not going to include it in wheezy.


On Mon, Aug 20, 2012 at 1:23 PM, Vasil Kolev <vasil at ludost.net> wrote:
> Package: php5
> Version: 5.3.3-7+squeeze14
> Tags: patch, upstream, lfs
> PHP doesn't support uploads of files bigger than 2GB. It's a known bug
> in upstream - https://bugs.php.net/bug.php?id=44522 - but the fix still
> isn't in and there doesn't seem to be any answer.
> Right now I'm running with the patch from above, tweaked a bit to apply
> to the PHP in squeeze, which I'm attaching. A part of it (the conversion
> from atoi() to atol() ) is already included in the php5 package in
> testing (version 5.4.4-4) but the rest doesn't seem to be there. The
> patch is kludgy and I'd agree to fix it up a bit if there's the
> possibility to be accepted.
> This is reproducible with setting in php.ini the upload_max_filesize to
> something more than 2GB, post_max_size to the same value, having the
> following code in a php file:
> <?
> if (!move_uploaded_file($file['tmp_name'], "/tmp/testfile")) {
>         echo "doesn't work";
> } else {
>         echo "works";
> }
> @unlink("/tmp/testfile");
> ?>
> And running from somewhere
> dd if=/dev/zero of=bigf bs=1M count=4099
> curl -F file=@bigf  'http://some.server.addr/upload.php'
> (fixing the url to reflect the position of the php file)
> As for the reason for this, a lot of sites (including mine) actually
> need this kind of upload, as there's no good way to push files to it
> otherwise (I've seen suggestions to use FTP) that the users can easily
> use. With the proliferation of big video files, there's a lot of stuff
> people want to upload which goes above these limits.
> --
> Regards,
> Vasil Kolev
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

Ondřej Surý <ondrej at sury.org>

More information about the pkg-php-maint mailing list