What were you trying to do that didn't work?

during tests for our product, one of them was failing. Upon further investigation and more tests we managed to narrow it down to the apr-devel library shipped in RHEL10.

The failing version is 1.7.5.

We compiled 1.7.5 APR directly from Apache, the problem is not reproduced.

We also rebuilt the package from source and the bug was reproducible.

Finally, (ubuntu is shipped with libc-2.39 and apr-1.7.2) we had libc-2.39 + apr-1.7.5 testend on ubuntu24 and apr_strtoi64() is working as expected.

What is the impact of this issue to you?

Cannot ship binaries for RHEL10.

Please provide the package NVR for which the bug is seen:

apr-devel-1.7.5-2.el10.x86_64

How reproducible is this bug?: happens every time

Steps to reproduce

1. try to convert "9223372036854775808" (INT64_MAX+1) to int64 in base 10 with apr_strtoi64()
2. check for errno value
3. errno should be non-zero

Sample code in the file int.c

Expected results

On error apr_strtoi64() should change the value of errno to non-zero on error.

for the above sample code the expected value for errno should be 34.

Actual results

apr_strtoi64() is unable to detect overflow, therefore errno remains zero.

for the above sample code the actual value of errno is 0.

I am at your disposal for any questions.