Attached is the patch for bug #22805.
The problem is because the total length of buckets obtained in
each ap_get_brigade call isn't necessarily as long as expected by
SAPI_POST_READER_FUNC if more data are coming in the stream.
Moriyoshi
Index: sapi/apache2handler/sapi_apache2.c
===================================================================
RCS file: /repository/php4/sapi/apache2handler/sapi_apache2.c,v
retrieving revision 1.1.2.4
diff -u -r1.1.2.4 sapi_apache2.c
--- sapi/apache2handler/sapi_apache2.c 18 Mar 2003 01:24:57 -0000 1.1.2.4
+++ sapi/apache2handler/sapi_apache2.c 21 Mar 2003 21:32:38 -0000
@@ -149,32 +149,41 @@
static int
php_apache_sapi_read_post(char *buf, uint count_bytes TSRMLS_DC)
{
- apr_size_t len;
+ apr_size_t nbytes_left;
php_struct *ctx = SG(server_context);
request_rec *r;
apr_bucket_brigade *brigade;
apr_status_t rv;
+ char *ptr;
r = ctx->r;
brigade = ctx->brigade;
- len = count_bytes;
+ ptr = buf;
- rv = ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES,
- APR_BLOCK_READ, len);
+ for (nbytes_left = (apr_size_t) count_bytes; nbytes_left > 0;) {
+ rv = ap_get_brigade(r->input_filters, brigade, AP_MODE_READBYTES,
+ APR_BLOCK_READ, (apr_off_t)
nbytes_left);
- if (rv == APR_SUCCESS) {
- apr_brigade_flatten(brigade, buf, &len);
- } else {
- len = 0;
+ if (rv == APR_SUCCESS) {
+ apr_size_t nbytes_read = nbytes_left;
+
+ rv = apr_brigade_flatten(brigade, ptr, &nbytes_read);
+
+ if (rv == APR_SUCCESS) {
+ ptr += nbytes_read;
+ nbytes_left -= nbytes_read;
+ }
+ apr_brigade_cleanup(brigade);
+
+ if (nbytes_read == 0) {
+ break;
+ }
+ } else {
+ break;
+ }
}
- apr_brigade_cleanup(brigade);
-
- /* This is downcast is okay, because len is constrained by
- * count_bytes and we know ap_get_brigade won't return more
- * than that.
- */
- return len;
+ return ((apr_size_t) count_bytes - nbytes_left);
}
static struct stat*
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
