|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #32371 [PATCH] php://input sometimes returns dupl data
Submitted: 2005-03-19 02:25 UTC Modified: 2005-11-17 20:44 UTC
From: phpint-bkrrym at skrt dot org Assigned: pollita (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5CVS, 4CVS (2005-03-19) OS: *
Private report: No CVE-ID: None
 [2005-03-19 02:25 UTC] phpint-bkrrym at skrt dot org
Full description and PATCH for 5-CVS and 4.3.10 are here:

Both 5 and 4.3.10 have the problem (same code).

Because of a subtle buffer index bug, in some cases, the php://input stream returns incorrect data. 


If the php://input is parsed in 4000-byte chunks, the first corruption occurs at byte number 8193 (1-based). A chunk of the previous 192 bytes repeats there.  The same corruption happens periodically in the data if it is long enough.

The problem was discovered when directly parsing a POSTed XML with a long text-node.

Interestingly enough, reading the contents of php://input with file_get_contents and parsing the string works around the symptoms.

Reproduce code:
$s = simplexml_load_file('php://input');

sees the text node corrupted, whereas

$d = file_get_contents('php://input');
$s = simplexml_load_string($d);

does not.

Expected result:
should be the same in both cases

Actual result:
difference at byte number 8193 (1-based) from the begining of the xml.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-08-11 16:15 UTC]
Sara, could you take a look at this?
It seems ok, but I don't have time to verify it.
 [2005-11-17 20:44 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

While that fixes the observed problem, it actually still leaves a bug when filters are applied.  The root of the issue is how php://input treats stream->position.

I've applied a fix to branches 4.4, 5.0, 5.1, and HEAD.

If you'd like to try applying just this patch to test it out on your own system, it can be found at:

HEAD: r-1.51
5.1: r-
5.0: r-
4.4: r-
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri Dec 09 16:05:53 2022 UTC