PHP :: Bug #10384 :: read() buffer memory not freed

Bug #10384	read() buffer memory not freed
Submitted:	2001-04-18 15:27 UTC	Modified:	2001-05-17 10:38 UTC
From:	rod at 23net dot net	Assigned:
Status:	Closed	Package:	Sockets related
PHP Version:	4.0.4pl1	OS:	FreeBSD 4.2
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-04-18 15:27 UTC] rod at 23net dot net

Using the  following code:

<?
/* Allow the script to hang around waiting for connections. */
	set_time_limit (0);
	
#####	Connect to DB
	mysql_connect('localhost','chatscript','jen481');

#####	Open log file
	$fp=fopen('chat_log','a');

$outMsgHeader="HTTP/1.1 200 OK\r\nDate: ";
$outMsgAfterDate=" GMT\r\nServer: PHP\r\nConnection: close\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html\r\n\r\n";
$outMsgFooter="\r\n\r\n";

$sock=open_listen_sock(1089);
if ($sock<0) 
{
	echo "socket() failed: reason: " . strerror ($sock) . "\n";
	exit;
}


if (($ret = listen ($sock, 5)) < 0) 
{
	echo "listen() failed: reason: " . strerror ($ret) . "\n";
	shutdown($sock,2);
	exit;
}

do 
{

    if (($msgsock = accept_connect($sock)) < 0)
    {
		echo "accept_connect() failed: reason: " . strerror ($msgsock) . "\n";
		shutdown($sock,2);
        exit;    
    }
	$ret=read($msgsock,$buf,2048);
	$isPost=strpos($buf,'POST');
	if ($isPost===false) 
	{
		$isGet=strpos($buf,'GET');
		if ($isGET===false) 
		{
			write($msgsock,' HTTP/1.1 405\r\n',13);
		}
		else 
		{
			$startQS=strpos($buf,'?')+1;
			$endQS=strpos($buf,' ',$startQS);
			$lenQS=$endQS-$startQS;
			$QS=substr($buf,$startQS,$lenQS);
		}
	}
	else 
	{
		do   
		{
			$ret=read($msgsock,$buf,2048);
			if (substr($buf,0,15)=="Content-length:") 
			{
				$conLen=substr($buf,16);
			}
		} while ($buf != "\n");

		// through with headers, now get actual content
		$ret=read($msgsock,$buf,$conLen);
		// $buf now contains the query string
		$QS=$buf;
	}
	$msgToSend=urlencode(procMsg($QS));
	$msgLen=dechex(strlen($msgToSend));
	$sendDate=gmdate('D, d M Y H:i:s');
	$send=$outMsgHeader.$sendDate.$msgLen."\r\n".$msgToSend.$outMsgFooter;
	write($msgsock,$send,strlen($send));
	$log=$sendDate."\t".$QS."\t".$msgToSend."\n";
	fwrite($fp,$log);
    close ($msgsock);
} while (true);
?>

(The function procMsg() is not relevent as for bug testing is set to return 'test')

Running this script causes memory to be consumed and not released with each connection.  I've narrowed the problem down to the read() function as I can affect the rate of memory consumption by modifying the length argument.  Evidently the buffer is not freed.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-05-03 13:33 UTC] rod at 23net dot net

Problem still exists in 4.0.5

The script originally uses ~2MB resident.  After connections are accepted it begins using memory in chunks specified in the read() function until it reaches ~6-6.5MB (varies with each run), at which time it continues to run without allocating more memory.

[2001-05-17 10:38 UTC] rod at 23net dot net

This problem appears to be FreeBSD specific.  Still exists with FreeBSD 4.3 but is non-existent on Slackware.

Interesting side note:  I had modified the code below and introduced a bug which caused Slackware to send a 0 length message.  That is this line:

write($msgsock,$send,strlen($send));

was changed to:

write($msgsock,$msgToSend,strlen($send));

and should have been:

write($msgsock,$msgToSend,strlen($msgToSend));

The variable $send was no longer defined resulting in the correct behavior under Slackware of sending no message, however under FreeBSD the full message was sent.

Since this appears to be a bug in the libraries under FreeBSD and NOT PHP related I'm closing the ticket.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 13:01:31 2024 UTC