php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54866 incorrect accounting for realpath_cache_size
Submitted: 2011-05-19 22:04 UTC Modified: 2011-05-20 01:10 UTC
From: dustin dot ward1 at gmail dot com Assigned: rasmus
Status: Closed Package: *Directory/Filesystem functions
PHP Version: 5.3.6 OS: Linux
Private report: No CVE-ID:
 [2011-05-19 22:04 UTC] dustin dot ward1 at gmail dot com
Description:
------------
When items are removed from the realpath_cache, if the path is the same as the 
realpath, then the incorrect size is subtracted from realpath_cache_size.

This is due to the "realpath_cache_add" function. If the realpath and the path are 
the same, then an optimization occurs where bucket->realpath is assigned to the 
same location as bucket->path (so there's no copy being done). The size added to 
realpath_cache_size takes this into account, but not when removing.

This can cause the size to be incorrect and also be negative.

I've submitted a patch and some test code.

Test script:
---------------
<?php

// set the ini options to more easily reproduce
// realpath_cache_ttl = 1
// realpath_cache_siz = 16K

for($i = 0; $i < 5000; $i++) {
    file_put_contents("/tmp/foo-$i.txt", "");
    clearstatcache(true, "/tmp/foo-$i.txt");
    echo "$i - stat cache is: ".realpath_cache_size()."\n";

    if(realpath_cache_size() < 0) {
        print "Hit realpath_cache_size bug\n";
        break;
    }
}

// clean up created files
for ($x = 0; $x < $i; $x++) {
    unlink("/tmp/foo-$x.txt");
}


Expected result:
----------------
If bug is present it should output 'Hit realpath_cache_size bug'



Patches

realpath_cache_accounting_bug (last revision 2011-05-19 20:05 UTC) by dustin dot ward1 at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-20 01:10 UTC] rasmus@php.net
Automatic comment from SVN on behalf of rasmus
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=311274
Log: Fix bug 54866
 [2011-05-20 01:10 UTC] rasmus@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: rasmus
 [2011-05-20 01:10 UTC] rasmus@php.net
Thank you very much for the concise bug report and clean patch. It has been 
applied to all active branches. If you come across anything else, please go to 
http://php.net/svn-php.php to get an SVN account so you can commit the fixes 
yourself.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 01:01:59 2014 UTC