Bug #77283 memory exhausted when unserialize data
Submitted: 2018-12-11 16:16 UTC Modified: 2020-05-11 10:52 UTC
From: jasonxiale at mail dot ru Assigned: nikic (profile)
Status: Closed Package: Class/Object related
PHP Version: master-Git-2018-12-11 (Git) OS: Linux(4.15.0-42-generic)
Private report: No CVE-ID: None
 [2018-12-11 16:16 UTC] jasonxiale at mail dot ru
Description:
------------
When fuzzing the PHP unserialize function using the command:
./sapi/cli/php  -r 'unserialize(file_get_contents("php://stdin"));' < basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2

I got an error:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 42949672960 bytes) in Command line code on line 1


Test script:
---------------
The base64-ed input is:
base64 basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2 
YTozOntpOjA7YToyOntpOjA7TzoxOiIxIjowNzc3Nzc3Nzc3Ojc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3
Nzc3Nzc3Nzc3Nzc7ASkxOip//yI3Nzc3NzQiO31pOkk7YToyOntpOjA7aVwxO2k3N6UXMSNpAAAA
AX0=


 [2020-05-11 10:52 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2020-05-11 10:52 UTC] nikic@php.net
This has been addressed in the meantime; unserialize() no longer allows allocations larger than the payload size.
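
The closing comment describes bounding allocations by the payload size. The following is an added illustration of that kind of check, not code from php-src or from the commenters: a C parser for an array header `a:<count>:{` that refuses a declared count larger than the bytes remaining in the input before anything is allocated. The function names, result codes, and the one-byte-per-element lower bound are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Result codes (hypothetical names, not php-src identifiers). */
enum { HDR_OK = 0, HDR_MALFORMED = -1, HDR_TOO_LARGE = -2 };

/*
 * Parse an array header "a:<count>:{" at the start of buf.
 * On success, store the element count and the offset of the first body byte.
 * A count larger than the bytes left in the payload is rejected: each element
 * occupies at least one byte, so such a count can never be satisfied and must
 * not be allowed to size an allocation.
 */
int parse_count_header(const char *buf, size_t len, size_t *count, size_t *body_off)
{
    size_t i = 2, n = 0;

    if (len < 5 || buf[0] != 'a' || buf[1] != ':')
        return HDR_MALFORMED;
    if (buf[i] < '0' || buf[i] > '9')
        return HDR_MALFORMED;
    for (; i < len && buf[i] >= '0' && buf[i] <= '9'; i++) {
        size_t d = (size_t)(buf[i] - '0');
        if (n > (SIZE_MAX - d) / 10)
            return HDR_TOO_LARGE;      /* decimal count overflows size_t */
        n = n * 10 + d;
    }
    if (len - i < 2 || buf[i] != ':' || buf[i + 1] != '{')
        return HDR_MALFORMED;
    i += 2;
    if (n > len - i)
        return HDR_TOO_LARGE;          /* count exceeds remaining payload */
    *count = n;
    *body_off = i;
    return HDR_OK;
}

/* Reserve element slots only after the header has passed the bound check. */
void *alloc_slots(const char *buf, size_t len, size_t slot_size, size_t *count)
{
    size_t off;

    if (parse_count_header(buf, len, count, &off) != HDR_OK)
        return NULL;
    return calloc(*count ? *count : 1, slot_size);  /* calloc checks n*size */
}
```

With this check in place, the largest allocation a header can trigger is proportional to the length of the input that was actually supplied.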
Last updated: Fri Dec 27 00:01:30 2024 UTC