W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

RE: Use of 1*DIGIT

From: Travis Snoozy (Volt) <a-travis@microsoft.com>
Date: Fri, 29 Dec 2006 13:41:36 -0800
To: Justin Erenkrantz <justin@erenkrantz.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <86EDC3963F04D546BED8996F77D290F6049D117D13@NA-EXMSG-C138.redmond.corp.microsoft.com>

Travis Snoozy said:
> Justin Erenkrantz said:
> > On 12/21/06, Travis Snoozy (Volt) <a-travis@microsoft.com> wrote:
> > > Anyone know how Apache handles this, off the top of their heads?
> > > Squid? Other servers? Clients?
> >
> > httpd 2.2 and newer parses incoming Content-Length as an off_t which
> > if LFS is enabled is 64-bit, otherwise, it'd be 32-bit.  (Almost all
> > modern platforms are LFS-enabled these days.)  1.3 and 2.0 use 'long'.
> >
> >
> > See the call to apr_strtoff() there.
> Ah; thank you! So, half of my guess was right, and the other half was
> wrong: the most widely-used server on the 'net does not use bignums here,
> but the code DOES consider the overflow condition (in the case of content-
> length, at least). The underlying functions (strtol/strtoi) are also
> specified to saturate, as opposed to wrap, so that's a plus, too.
> Can anyone clue me in on Firefox?

I've answered my own question through a little empirical testing. Here's a response to "HEAD http://cdimage.debian.org/debian-cd/3.1_r4/i386/iso-dvd/debian-31r4-i386-binary-1.iso HTTP/1.1" (no headers):

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 4683952128
Age: 4683
Expires: Sat, 30 Dec 2006 19:49:30 GMT
Date: Fri, 29 Dec 2006 21:07:33 GMT
Content-Type: application/octet-stream
ETag: "19987f7-1172f7000-4225dbbfc0000"
Server: Apache/2.2.3 (Unix)
Last-Modified: Thu, 16 Nov 2006 14:04:48 GMT
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=1000

(I stripped some proxy info. I promise it was valid :)

IE7 (!) on 32-bit Windows XP chokes (I don't have the equipment to try the 64-bit version). It will not download this file, very probably because of the Content-Length. The error message is:

Internet Explorer cannot download [...the file...] from cdimage.debian.org

The supplied HTTP header is invalid

Note: invalid. There is nothing actually invalid about the above headers. It's just that content-length is bigger than 32 bits can handle. Firefox (, however, gets it right and downloads the file.

So, this is a problem. It's very, very, very unfortunate that the IE7 folks let this one slip through. However, this is _exactly_ what I expected to happen, because the behavior is unspecified, and clients tend to not want to work on things bigger than a native word.

I'd be interested to hear if this problem exists on earlier versions of IE, because that has ramifications about how servers should go about serving huge files (mostly because IE has such a large installed base). If this happens with other clients, that would be good to know, too.

-- Travis
Received on Friday, 29 December 2006 21:41:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:40 UTC