php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80523 bogus parse error on >4GB source code
Submitted: 2020-12-16 03:22 UTC Modified: 2020-12-16 09:59 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: divinity76 at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 7.4.13 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: divinity76 at gmail dot com
New email:
PHP Version: OS:

 

 [2020-12-16 03:22 UTC] divinity76 at gmail dot com 
Description:
------------
it appears that PHP crash when trying to parse source code above 4GB in size,


notably the code below is not a syntax error if you change it to
$imax = (int)((1*1024*1024*1024)/strlen("'hello',"));

but if you just change the 1* to 4*, it's suddenly a "syntax error",
PS: don't recommend trying this on a system with less than 20GB ram, htop reported over 18GB ram while running..

Test script:
---------------
<?php
$str='<?php return array(';
$imax = (int)((4*1024*1024*1024)/strlen("'hello',"));
echo "generating..";
$str.=str_repeat("'hello',",$imax);
$str.=");";
echo "generated. writing.";
file_put_contents("wtf.php",$str);
echo "written. gcing";
unset($str);gc_collect_cycles(); // << dunno if that actually helps
echo ". done. including.";
require("wtf.php");


Expected result:
----------------
no syntax error

Actual result:
--------------
root@x2ratma:/temp/fag# time php fag.php 
generating..generated. writing.written. gcing. done. including.PHP Parse error:  syntax error, unexpected ''h' (T_ENCAPSED_AND_WHITESPACE), expecting ')' in /temp/fag/wtf.php on line 1

real	0m24.960s
user	0m4.927s
sys	0m17.147s
root@x2ratma:/temp/fag#

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-12-16 09:21 UTC] nikic@php.net 
Automatic comment on behalf of nikita.ppv@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=118ff03335d67c19817ff83d89e634fcd39275ff
Log: Fix bug #80523
 [2020-12-16 09:21 UTC] nikic@php.net
-Status: Open +Status: Closed
 [2020-12-16 09:29 UTC] divinity76 at gmail dot com 
nikic@php.net 
you said you get OOM killed before being able to test it?
 on how much ram? 
 i have a 64GB ram system to test on, 
 and a 128GB ram system is on the way (should be ready in a couple of days)
 [2020-12-16 09:59 UTC] nikic@php.net
-Assigned To: +Assigned To: nikic
 [2020-12-16 09:59 UTC] nikic@php.net 
@divinity76: I've tested this with 64GB RAM, which was not sufficient :) Maybe 128GB will be enough...
 [2021-01-27 20:52 UTC] divinity76+spam at gmail dot com 
@nikic indeed it was; seems about 76GB of ram is needed to test this bug, and the current php-8.1.0-dev is immune :) 


quote from testing on a 128GB ram system:



root@localhost:/temp# /usr/bin/time -v /temp/php-src/sapi/cli/php -r 'ini_set("memory_limit","-1");require("wtf.php");echo "it worked!";var_dump(memory_get_peak_usage(false),memory_get_peak_usage(true),memory_get_usage(false),memory_get_usage(true));'
it worked!int(90195052680)
int(90230177792)
int(391088)
int(17223909376)
        Command being timed: "/temp/php-src/sapi/cli/php -r ini_set("memory_limit","-1");require("wtf.php");echo "it worked!";var_dump(memory_get_peak_usage(false),memory_get_peak_usage(true),memory_get_usage(false),memory_get_usage(true));"
        User time (seconds): 330.95
        System time (seconds): 175.72
        Percent of CPU this job got: 96%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 8:47.20
        Average shared text size (kbytes): 0
        Average unshared data size (kbytes): 0
        Average stack size (kbytes): 0
        Average total size (kbytes): 0
        Maximum resident set size (kbytes): 75538080
        Average resident set size (kbytes): 0
        Major (requiring I/O) page faults: 0
        Minor (reclaiming a frame) page faults: 48743267
        Voluntary context switches: 1
        Involuntary context switches: 8120
        Swaps: 0
        File system inputs: 0
        File system outputs: 0
        Socket messages sent: 0
        Socket messages received: 0
        Signals delivered: 0
        Page size (bytes): 4096
        Exit status: 0
root@localhost:/temp# du -h wtf.php
4.1G    wtf.php
root@localhost:/temp# head wtf.php
<?php return array('hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello','hello',(capped)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Dec 03 16:01:33 2024 UTC