--- java/org/apache/tomcat/util/buf/Ascii.java.orig 2014-06-16 13:31:00.031497000 -0400
+++ java/org/apache/tomcat/util/buf/Ascii.java 2014-06-16 13:40:15.667390000 -0400
@@ -40,6 +40,7 @@
private static final boolean[] isWhite = new boolean[256];
private static final boolean[] isDigit = new boolean[256];
+ private static final long OVERFLOW_LIMIT = Long.MAX_VALUE / 10;
/*
* Initialize character translation and type tables.
*/
@@ -206,20 +207,16 @@
}
long n = c - '0';
- long m;
while (--len > 0) {
- if (!isDigit(c = b[off++])) {
+ if (isDigit(c = b[off++]) &&
+ (n < OVERFLOW_LIMIT ||
+ ( n == OVERFLOW_LIMIT && (c - '0') < 8))) {
+ n = n * 10 + c - '0';
+ } else {
throw new NumberFormatException();
}
- m = n * 10 + c - '0';
- if (m < n) {
- // Overflow
- throw new NumberFormatException();
- } else {
- n = m;
- }
}
return n;
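Review bot: The literal `8` in `(c - '0') < 8` is an undocumented magic number: it is only correct because `Long.MAX_VALUE` ends in 7, and nothing beside the check or the new `OVERFLOW_LIMIT` declaration says so. I would derive it next to the constant, `private static final long OVERFLOW_LAST_DIGIT = Long.MAX_VALUE % 10;`, and compare with `(c - '0') <= OVERFLOW_LAST_DIGIT`, or at least add a comment such as `// Long.MAX_VALUE = 9223372036854775807: at the limit only a final digit 0-7 fits`. The merged condition also throws the same message-less `NumberFormatException` for a non-digit byte and for an overflow, so a log reader cannot tell a malformed value from an oversized one; separate messages would help. Since this is the fix for an overflow CVE, it deserves a boundary test pinning that the digits of `Long.MAX_VALUE` parse and that the next value up is rejected. The enclosing method starts outside this hunk, so the handling of the first digit and of `len` was not reviewed.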
--- webapps/docs/changelog.xml.orig 2014-06-16 13:31:00.067494000 -0400
+++ webapps/docs/changelog.xml 2014-06-16 13:42:21.284821000 -0400
@@ -59,6 +59,10 @@
<subsection name="Catalina">
<changelog>
<fix>
+ CVE-2014-0099, Fix overflow when parsing long values from
+ byte array. (markt) Patch applied by Red Hat Jun 16 2014
+ </fix>
+ <fix>
Fix CVE-2014-0050, a denial of service with a malicious, malformed
Content-Type header and multipart request processing. Fixed by merging
latest code (r1565163) from Commons FileUpload. (markt)