* Use apr_size_t instead of int to avoid an overflow

PR: 66034 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900307 13f79535-47bb-0310-9956-ffa450edef68
author: Ruediger Pluem <rpluem@apache.org> 2022-04-27 08:43:11 +0200
committer: Ruediger Pluem <rpluem@apache.org> 2022-04-27 08:43:11 +0200
commit: 499a90a672b6393941b093a24887bcd6aa4112b7 (patch)
tree: 68d96215c5a2890c549f9e8b84e01f663a11caec
parent: * Avoid an overflow on large inputs (diff)
download: apache2-499a90a672b6393941b093a24887bcd6aa4112b7.tar.xz
apache2-499a90a672b6393941b093a24887bcd6aa4112b7.zip
2 files changed, 3 insertions, 1 deletions
diff --git a/changes-entries/pr66034.txt b/changes-entries/pr66034.txt
new file mode 100644
index 0000000000..125cdc3f8e
--- /dev/null
+++ b/changes-entries/pr66034.txt
@@ -0,0 +1,2 @@
+  *) mod_substitute: Fix an integer overflow that can happen in very special
+     setups.  PR 66034 [Ruediger Pluem]
diff --git a/modules/filters/mod_substitute.c b/modules/filters/mod_substitute.c
index 58e696debb..19819b8f23 100644
--- a/modules/filters/mod_substitute.c
+++ b/modules/filters/mod_substitute.c
@@ -309,7 +309,7 @@ static apr_status_t do_pattmatch(ap_filter_t *f, apr_bucket *inb,
                     }
                 }
                 else if (script->regexp) {
-                    int left = bytes;
+                    apr_size_t left = bytes;
                     const char *pos = buff;
                     char *repl;
                     apr_size_t space_left = cfg->max_line_length;
author	Ruediger Pluem <rpluem@apache.org>	2022-04-27 08:43:11 +0200
committer	Ruediger Pluem <rpluem@apache.org>	2022-04-27 08:43:11 +0200
commit	499a90a672b6393941b093a24887bcd6aa4112b7 (patch)
tree	68d96215c5a2890c549f9e8b84e01f663a11caec
parent	* Avoid an overflow on large inputs (diff)
download	apache2-499a90a672b6393941b093a24887bcd6aa4112b7.tar.xz apache2-499a90a672b6393941b093a24887bcd6aa4112b7.zip