php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35794 str_pad doesn't check parameters
Submitted: 2005-12-24 16:14 UTC Modified: 2005-12-24 23:11 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: reboot at gmx dot ch Assigned:
Status: Wont fix Package: Strings related
PHP Version: 4.4.1 OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2005-12-24 16:14 UTC] reboot at gmx dot ch
Description:
------------
str_pad should check it's parameters. With wrong parameters it is possible to cause an out of memory error. This problem also sometimes causes the PHP script to die completely and only leave an error in the apache error log, no out of memory error  is reported by PHP.


Reproduce code:
---------------
<?                                                                                                                                                                                                                                                                                                                                              str_pad("", log10(0), " ");                                                                                                                                                                                                                                                                                                                     ?>


Expected result:
----------------
Warning or error reported by PHP about wrong usage of str_pad for better debugging, not just an our of memory error or silent death of the PHP script.

Actual result:
--------------
Error in the apache log:

Allowed memory size of 8388608 bytes exhausted (tried to allocate 10 bytes)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-24 16:22 UTC] tony2001@php.net
You're knowingly consuming all the memory available.
How exactly PHP should understand that you meant something else?
 [2005-12-24 20:21 UTC] reboot at gmx dot ch
Using -INF as the length of the target string is always impossible. I think this value should not be accepted instead of trying to allocate this much memory.

And there still remains the problem that PHP silently terminates the script without printing an error. I only found the reason why my script dies in the apache log.
 [2005-12-24 21:51 UTC] sniper@php.net
There are 1000 and 1 other ways too to consume all the available memory. Just don't do it.
 [2005-12-24 23:06 UTC] reboot at gmx dot ch
Of course that is correct. But even then the script should not just terminate without a message. And that is possible with this call. I once had an out of memory message with my test script, but when I tried to find out under which conditions str_pad outputs the message or silently dies it disappeared and I could not make it appear again. In the script where I discovered this behavior the out of memory message never appeared and it was really hard to find out why the script did not print anything anymore.
 [2005-12-24 23:11 UTC] tony2001@php.net
Apparently it happened because your kernel killed the process that started to consume too much memory.
Not much we can do about it.
Use --enable-memory-limit and you'll be able to set memory limit and see informative messages when you rich it.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Jul 23 07:01:25 2019 UTC