- Stephen Collyer and Tor Arntsen helped identify a flaw in the range code

which output the range using a signed variable where it should rather use
  unsigned.

CHANGES

@@ -6,6 +6,13 @@
 
                                   Changelog
 
+Daniel Stenberg (30 Jun 2008)
+- Made the internal printf() support %llu properly to print unsigned long longs.
+
+- Stephen Collyer and Tor Arntsen helped identify a flaw in the range code
+  which output the range using a signed variable where it should rather use
+  unsigned.
+
 Yang Tse (29 Jun 2008)
 - John Lightsey filed bug report #1999181: "CLOCK_MONOTONIC always fails on
   some systems" (http://curl.haxx.se/bug/view.cgi?id=1999181). The problem was

RELEASE-NOTES

@@ -26,6 +26,7 @@ This release includes the following bugfixes:
  o RC4-MD5 cipher now works with NSS-built libcurl
  o range requests with --head are now done correctly
  o configure script misdetected monotonic clock availability
+ o range numbers could be made to wrongly get output as signed
 
 This release includes the following known bugs:
 
@@ -44,6 +45,7 @@ advice from friends like these:
 
  Lenny Rachitsky, Axel Tillequin, Arnaud Ebalard, Yang Tse, Dan Fandrich,
  Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jurgen May,
- Phil Pellouchoud, Eduard Bloch, John Lightsey
+ Phil Pellouchoud, Eduard Bloch, John Lightsey, Stephen Collyer, Tor Arntsen
+
 
         Thanks! (and sorry if I forgot to mention someone)

lib/setup.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -139,16 +139,18 @@
 
 #ifndef SIZEOF_CURL_OFF_T
 /* If we don't know the size here, we assume a conservative size: 4. When
-   building libcurl, the actual size of this variable should be define in the
+   building libcurl, the actual size of this variable should be defined in the
    config*.h file. */
 #define SIZEOF_CURL_OFF_T 4
 #endif
 
-/* We set up our internal prefered (CURL_)FORMAT_OFF_T here */
+/* We set up our internal prefered (CURL_)FORMAT_OFF_T[U] here */
 #if SIZEOF_CURL_OFF_T > 4
 #define FORMAT_OFF_T "lld"
+#define FORMAT_OFF_TU "llu" /* the unsigned version */
 #else
 #define FORMAT_OFF_T "ld"
+#define FORMAT_OFF_TU "lu" /* thus unsigned version */
 #endif /* SIZEOF_CURL_OFF_T */
 
 #ifndef _REENTRANT

lib/url.c

@@ -3118,7 +3118,7 @@ static CURLcode setup_range(struct SessionHandle *data)
       free(s->range);
 
     if(s->resume_from)
-      s->range = aprintf("%" FORMAT_OFF_T "-", s->resume_from);
+      s->range = aprintf("%" FORMAT_OFF_TU "-", s->resume_from);
     else
       s->range = strdup(data->set.str[STRING_SET_RANGE]);