W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Large content size value [was: RE: Use of 1*DIGIT

From: David Morris <dwm@xpasc.com>
Date: Fri, 29 Dec 2006 14:30:42 -0800 (PST)
To: "Travis Snoozy (Volt)" <a-travis@microsoft.com>
cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.33.0612291400190.15165-100000@egate.xpasc.com>


Look at the bright side ... you got an error message from IE7 ....
in the long established tradition of clear messages, the message
even related to to problem.

IE6 is totally confused and ends up downloaning 451,140 bytes and
declares success ...

Dave Morris

On Fri, 29 Dec 2006, Travis Snoozy (Volt) wrote:

>
> Travis Snoozy said:
> > Justin Erenkrantz said:
> > > On 12/21/06, Travis Snoozy (Volt) <a-travis@microsoft.com> wrote:
> > > > Anyone know how Apache handles this, off the top of their heads?
> > > > Squid? Other servers? Clients?
> > >
> > > httpd 2.2 and newer parses incoming Content-Length as an off_t which
> > > if LFS is enabled is 64-bit, otherwise, it'd be 32-bit.  (Almost all
> > > modern platforms are LFS-enabled these days.)  1.3 and 2.0 use 'long'.
> > >
> >>http://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/http/http_filters.c
> > >
> > > See the call to apr_strtoff() there.
> >
> > Ah; thank you! So, half of my guess was right, and the other half was
> > wrong: the most widely-used server on the 'net does not use bignums here,
> > but the code DOES consider the overflow condition (in the case of content-
> > length, at least). The underlying functions (strtol/strtoi) are also
> > specified to saturate, as opposed to wrap, so that's a plus, too.
> >
> > Can anyone clue me in on Firefox?
>
> I've answered my own question through a little empirical testing.
> Here's a response to
> "HEAD http://cdimage.debian.org/debian-cd/3.1_r4/i386/iso-dvd/debian-31r4-i386-binary-1.iso
HTTP/1.1" (no headers):
>
> HTTP/1.1 200 OK
> Connection: Keep-Alive
> Content-Length: 4683952128
> Age: 4683
> Expires: Sat, 30 Dec 2006 19:49:30 GMT
> Date: Fri, 29 Dec 2006 21:07:33 GMT
> Content-Type: application/octet-stream
> ETag: "19987f7-1172f7000-4225dbbfc0000"
> Server: Apache/2.2.3 (Unix)
> Last-Modified: Thu, 16 Nov 2006 14:04:48 GMT
> Accept-Ranges: bytes
> Keep-Alive: timeout=5, max=1000
>
>
> (I stripped some proxy info. I promise it was valid :)
>
> IE7 (!) on 32-bit Windows XP chokes (I don't have the equipment to try the 64-bit version). It will not download this file, very probably because of the Content-Length. The error message is:
>
>
> Internet Explorer cannot download [...the file...] from cdimage.debian.org
>
> The supplied HTTP header is invalid
>
>
> Note: invalid. There is nothing actually invalid about the above headers. It's just that content-length is bigger than 32 bits can handle. Firefox (2.0.0.1), however, gets it right and downloads the file.
>
> So, this is a problem. It's very, very, very unfortunate that the IE7 folks let this one slip through. However, this is _exactly_ what I expected to happen, because the behavior is unspecified, and clients tend to not want to work on things bigger than a native word.
>
> I'd be interested to hear if this problem exists on earlier versions of IE, because that has ramifications about how servers should go about serving huge files (mostly because IE has such a large installed base). If this happens with other clients, that would be good to know, too.
>
>
> -- Travis
>
Received on Friday, 29 December 2006 22:30:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT