From fdbbef63728338226ac0abf3188c98ebd18261bb Mon Sep 17 00:00:00 2001
From: Paul Holden <paulh@moodle.com>
Date: Wed, 28 Apr 2021 20:05:16 +0100
Subject: [PATCH] MDL-71487 admin: ensure filesize settings don't overflow
 integer.

---
 admin/classes/local/settings/filesize.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/admin/classes/local/settings/filesize.php b/admin/classes/local/settings/filesize.php
index 3352f1ec375..4af33f5b67a 100644
--- a/admin/classes/local/settings/filesize.php
+++ b/admin/classes/local/settings/filesize.php
@@ -126,6 +126,7 @@ class filesize extends \admin_setting {
         if (is_null($bytes)) {
             return null;
         }
+        $bytes = intval($bytes);
 
         return self::parse_bytes($bytes);
     }
@@ -145,9 +146,10 @@ class filesize extends \admin_setting {
             return get_string('errorsetting', 'admin');
         }
 
+        // Calculate size in bytes, ensuring we don't overflow PHP_INT_MAX.
         $bytes = $data['v'] * $data['u'];
+        $result = (is_int($bytes) && $this->config_write($this->name, $bytes));
 
-        $result = $this->config_write($this->name, $bytes);
         return ($result ? '' : get_string('errorsetting', 'admin'));
     }
 
-- 
2.11.4.GIT