From 74843947f4273977fb7ba9bb1b6ddc7ec8eff706 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Sat, 20 Apr 2024 20:03:48 +0100
Subject: [PATCH] sapi/cgi: fix buffer limit on windows.

MSDN recommends dropping the deprecated `read` in favor of `_read`.
Also, the buffer size limit is INT_MAX.

Close GH-14022
---
 NEWS                | 4 ++++
 main/fastcgi.c      | 4 ++--
 sapi/cgi/cgi_main.c | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index f124c8e4ed5..570a1b7ad67 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.2.20
 
+- CGI:
+  . Fixed buffer limit on Windows, replacing read call usage by _read.
+    (David Carlier)
+
 - DOM:
   . Fix crashes when entity declaration is removed while still having entity
     references. (nielsdos)
diff --git a/main/fastcgi.c b/main/fastcgi.c
index df309df9fdc..85e73f2d8bf 100644
--- a/main/fastcgi.c
+++ b/main/fastcgi.c
@@ -965,9 +965,9 @@ static inline ssize_t safe_read(fcgi_request *req, const void *buf, size_t count
 		tmp = count - n;
 
 		if (!req->tcp) {
-			unsigned int in_len = tmp > UINT_MAX ? UINT_MAX : (unsigned int)tmp;
+			unsigned int in_len = tmp > INT_MAX ? INT_MAX : (unsigned int)tmp;
 
-			ret = read(req->fd, ((char*)buf)+n, in_len);
+			ret = _read(req->fd, ((char*)buf)+n, in_len);
 		} else {
 			int in_len = tmp > INT_MAX ? INT_MAX : (int)tmp;
 
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index b45468031fc..1b95afd7acd 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -486,9 +486,9 @@ static size_t sapi_cgi_read_post(char *buffer, size_t count_bytes)
 	while (read_bytes < count_bytes) {
 #ifdef PHP_WIN32
 		size_t diff = count_bytes - read_bytes;
-		unsigned int to_read = (diff > UINT_MAX) ? UINT_MAX : (unsigned int)diff;
+		unsigned int to_read = (diff > INT_MAX) ? INT_MAX : (unsigned int)diff;
 
-		tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, to_read);
+		tmp_read_bytes = _read(STDIN_FILENO, buffer + read_bytes, to_read);
 #else
 		tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, count_bytes - read_bytes);
 #endif