Bug #34321 convert.quoted-printable-encode exhausts memory
Submitted: 2005-08-31 19:33 UTC Modified: 2005-09-25 17:39 UTC
From: php at themrbubbles dot com Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 5.1CVS-2005-08-31 OS: Red Hat Linux 3.2.3-42
Private report: No CVE-ID:
 [2005-08-31 19:33 UTC] php at themrbubbles dot com
Description:
------------
Using convert.quoted-printable-encode as an appended stream filter uses memory up to memory_limit and dies with an exhausted memory error.

Occurs in both 5.1.0RC1 and 5.0.3, untested with 5.0.4

5.1.0RC1 configure
'./configure' '--with-curl' '--with-curl-dir=/usr/local/lib' '--with-gd' '--with-gd-dir=/usr/local/lib' '--with-gettext' '--with-jpeg-dir=/usr/local/lib' '--with-kerberos' '--without-xml' '--disable-xml' '--disable-libxml' '--disable-simplexml' '--with-mcrypt=/usr' '--with-mysql=/usr' '--without-pear' '--disable-pear' '--with-png-dir=/usr/local/lib' '--with-zlib' '--with-zlib-dir=/usr/local/lib' '--with-calendar=shared' '--enable-exif' '--enable-trans-sid' '--disable-wddx' '--enable-inline-optimization' '--enable-memory-limit' '--enable-mbstring' '--with-imap=' '--with-mhash' '--with-imap-ssl' '--with-openssl=/usr' '--disable-dom' '--with-ldap' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-track-vars' '--enable-freetype' '--enable-cgi'


Reproduce code:
---------------
<?php
// From http://us3.php.net/manual/en/filters.convert.php
$fp = fopen('php://output', 'w');
stream_filter_append($fp, 'convert.quoted-printable-encode');
fwrite($fp, "This is a test.\n");
/* Outputs:  =This is a test.=0A  */
?>


Expected result:
----------------
=This is a test.=0A

Actual result:
--------------
Allowed memory size of 104857600 bytes exhausted (tried to allocate 67108864 bytes)


run with php -n -d memory_limit=100M

 [2005-08-31 19:49 UTC] johannes@php.net
I get a segfault with 5_1, HEAD seems to work. 
 
Program received signal SIGSEGV, Segmentation fault.
0x402d8fcc in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x402d8fcc in memcpy () from /lib/tls/libc.so.6
#1  0x081996fa in php_conv_qprint_encode_convert (inst=0x83a58a4, in_pp=0xbfffc8d4, in_left_p=0xbfffc8a8, out_pp=0xbfffc8b4, out_left_p=0xbfffc8b8)
    at /home/johannes/src/php/cv/PHP_5_1/ext/standard/filters.c:880
#2  0x08199e74 in strfilter_convert_append_bucket (inst=0x83aa034, stream=0x83a9ec4, filter=<value optimized out>, buckets_out=0xbfffc938, ps=0x83aa174 "This is a test.\n", buf_len=16, consumed=0xbfffc8f8, persistent=0)
    at /home/johannes/src/php/cv/PHP_5_1/ext/standard/filters.c:1598
#3  0x0819a223 in strfilter_convert_filter (stream=0x83a9ec4, thisfilter=0x83aa104, buckets_in=0xbfffc940, buckets_out=0xbfffc938, bytes_consumed=0xbfffc934, flags=0)
    at /home/johannes/src/php/cv/PHP_5_1/ext/standard/filters.c:1704
#4  0x081b5e4f in _php_stream_write_filtered (stream=0x83a9ec4, buf=<value optimized out>, count=<value optimized out>, flags=0)
    at /home/johannes/src/php/cv/PHP_5_1/main/streams/streams.c:951
#5  0x0815ac9b in zif_fwrite (ht=2, return_value=0x83a9d94, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0)
    at /home/johannes/src/php/cv/PHP_5_1/ext/standard/file.c:1257
#6  0x081fd03b in zend_do_fcall_common_helper_SPEC (execute_data=0xbfffca90) at zend_vm_execute.h:184
#7  0x08247841 in execute (op_array=0x83a5804) at zend_vm_execute.h:87
#8  0x081daccf in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/johannes/src/php/cv/PHP_5_1/Zend/zend.c:1078
#9  0x081a61ae in php_execute_script (primary_file=0xbfffef40)
    at /home/johannes/src/php/cv/PHP_5_1/main/main.c:1675
#10 0x0824a025 in main (argc=1, argv=0xbffff014)
    at /home/johannes/src/php/cv/PHP_5_1/sapi/cli/php_cli.c:1039

 [2005-09-25 15:27 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
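
To check whether a given build carries the fix, the reproduce case can be run in a child process under the report's flags. This is an added example, not code from the report or from php-src. The name run_case, the second (constructed) payload and the round-trip check with quoted_printable_decode are assumptions of this example, and the array form of proc_open needs PHP 7.4 or later.

```php
<?php
// Added regression check; not code from the report or from php-src.
// Each case runs in a child PHP process with the report's flags
// (-n -d memory_limit=100M), so a fatal error or segfault in the filter
// ends the child, not this checker.

function run_case(string $payload, string $limit = '100M'): array
{
    // Child: the report's reproduce code, with the payload inlined.
    $code = '$fp = fopen("php://output", "w");'
          . 'stream_filter_append($fp, "convert.quoted-printable-encode");'
          . 'fwrite($fp, ' . var_export($payload, true) . ');'
          . 'fclose($fp);';
    $cmd  = [PHP_BINARY, '-n', '-d', "memory_limit=$limit", '-r', $code];

    // Capture stdout only; stderr is inherited from this process.
    $proc = proc_open($cmd, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return ['ok' => false, 'why' => 'could not start child'];
    }
    $out  = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);

    if ($exit !== 0) {
        // Memory exhaustion is a fatal error (exit 255); a crash is also non-zero.
        return ['ok' => false, 'why' => "child exit status $exit", 'out' => $out];
    }
    // The exact encoding is not pinned; the output must decode back to the input.
    if (quoted_printable_decode($out) !== $payload) {
        return ['ok' => false, 'why' => 'output does not decode to input', 'out' => $out];
    }
    return ['ok' => true, 'why' => 'round-trips', 'out' => $out];
}

$cases = [
    'report'      => "This is a test.\n",                       // string from the report
    'constructed' => str_repeat("caf\xC3\xA9 = 100%\r\n", 200), // constructed sample
];
$failed = 0;
foreach ($cases as $name => $payload) {
    $r = run_case($payload);
    printf("%-12s %s (%s)\n", $name, $r['ok'] ? 'PASS' : 'FAIL', $r['why']);
    $failed += $r['ok'] ? 0 : 1;
}
exit($failed ? 1 : 0);
```

The script exits non-zero if any case fails, so it can be dropped into a build or CI step as is.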


 
Last updated: Fri Apr 18 13:02:15 2014 UTC