From: Ruediger Pluem <rpluem@apache.org>
Date: Wed, 27 Apr 2022 06:43:11 +0000 (+0000)
Subject: * Use apr_size_t instead of int to avoid an overflow
X-Git-Tag: 2.5.0-alpha2-ci-test-only~367
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=499a90a672b6393941b093a24887bcd6aa4112b7;p=thirdparty%2Fapache%2Fhttpd.git

* Use apr_size_t instead of int to avoid an overflow

PR: 66034


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900307 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/changes-entries/pr66034.txt b/changes-entries/pr66034.txt
new file mode 100644
index 00000000000..125cdc3f8e5
--- /dev/null
+++ b/changes-entries/pr66034.txt
@@ -0,0 +1,2 @@
+  *) mod_substitute: Fix an integer overflow that can happen in very special
+     setups.  PR 66034 [Ruediger Pluem]
diff --git a/modules/filters/mod_substitute.c b/modules/filters/mod_substitute.c
index 58e696debba..19819b8f23e 100644
--- a/modules/filters/mod_substitute.c
+++ b/modules/filters/mod_substitute.c
@@ -309,7 +309,7 @@ static apr_status_t do_pattmatch(ap_filter_t *f, apr_bucket *inb,
                     }
                 }
                 else if (script->regexp) {
-                    int left = bytes;
+                    apr_size_t left = bytes;
                     const char *pos = buff;
                     char *repl;
                     apr_size_t space_left = cfg->max_line_length;