php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #42369 Implicit conversion to string leaks memory
Submitted: 2007-08-21 23:30 UTC Modified: 2008-01-31 22:05 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: david at acz dot org Assigned:
Status: Closed Package: SimpleXML related
PHP Version: 5.2.3 OS: SuSE Linux
Private report: No CVE-ID:
 [2007-08-21 23:30 UTC] david at acz dot org
Description:
------------
Passing a SimpleXML string object to most builtin string functions causes a memory leak.

Reproduce code:
---------------
#!/usr/local/bin/php -d memory_limit=128M
<?
    $xml = '<?xml version="1.0" encoding="utf-8"?>';
    $x = simplexml_load_string($xml . "<q><x>foo</x></q>");

    echo "explicit conversion\n";
    for ($i = 0; $i < 1000000; $i++)
        md5(strval($x->x));

    echo "no conversion\n";
    for ($i = 0; $i < 1000000; $i++)
        md5($x->x);

    echo "done\n";
?>


Expected result:
----------------
$ ./crash.php
explicit conversion
no conversion
done


Actual result:
--------------
$ ./crash.php
explicit conversion
no conversion

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 40 bytes) in /tmp/crash.php on line 12


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-08-23 01:02 UTC] stas@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

couldn't reproduce on latest 5.2.4 RC
 [2007-08-23 15:32 UTC] david at acz dot org
I could reproduce on php5.2-200708231430 (32-bit).
 [2007-11-05 10:09 UTC] jfdsmit at gmail dot com
Could reproduce on 5.2.4 running on IIS6.0/W2k3. php5isapi.dll will crash inetinfo.exe and all IIS related stuff will cease to function. Explicitly casting every access to the SimpleXML object will fix random crashes.
 [2008-01-31 22:05 UTC] rrichards@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 23 18:01:55 2014 UTC