[2017-04-10 19:44 UTC] stas@php.net
-Type: Security
+Type: Bug
[2017-04-11 10:47 UTC] laruence@php.net
-Status: Open
+Status: Closed
[2017-05-11 15:18 UTC] info at ihead dot ru
Description:
------------
The test script hangs, eating one core completely. Even after the execution time limit is exceeded, php does not abort. I had to kill php-cgi.exe via task manager.

This might allow DoS attacks to shared hosters where an attacker can upload their own code.

I guess that there is a ping-pong between the error_handler and the exception_handler (deprecation warning of static call to non-static method and instantiating an object of unknown class).

Test script:
---------------
<?php
// php.ini: error_reporting = E_ALL | E_DEPRECATED | E_STRICT

class ErrorHandling
{
    public function error_handler(int $errno, string $errstr, string $errfile, int $errline): void
    {
        $bla = new NonExistingClass2();
    }

    public function exception_handler(Throwable $e): void
    {
    }
}

set_error_handler('ErrorHandling::error_handler');
set_exception_handler('ErrorHandling::exception_handler');

$blubb = new NonExistingClass();

Expected result:
----------------
Best case: printing an error message and stopping the script. At least I expect the script to be aborted after the execution time limit is exceeded.

Actual result:
--------------
PHP runs eating a core fully without increasing its memory need until I kill php-cgi.exe via task manager.