php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #59099 http_build_cookie() exhausts memory if cookie value is NULL
Submitted: 2010-03-04 09:26 UTC Modified: 2010-04-27 09:43 UTC
From: justin dot forest at gmail dot com Assigned: mike (profile)
Status: Closed Package: pecl_http (PECL)
PHP Version: 5.3.1 OS: Ubuntu Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: justin dot forest at gmail dot com
New email:
PHP Version: OS:

 

 [2010-03-04 09:26 UTC] justin dot forest at gmail dot com 
Description:
------------
If cookie value is NULL, http_build_cookies() tries to 
allocate too much memory 
for some reason.

HTTP extension version is 1.6.6. I can reproduce this with 
PHP versions 5.2.8 and 
5.3.1 on Ubuntu, but not in 5.2.12 on FreeBSD.

Passing cookie value through strval() helps.

Reproduce code:
---------------
var_dump(http_build_cookie(array(
  'cookies' => array(
    'empty' => null,
    ),
)));

Expected result:
----------------
$ php -f test-cookies.php 
string(8) "empty=; "

Actual result:
--------------
$ php -f test-cookies.php 

Fatal error: Allowed memory size of 33554432 bytes exhausted 
(tried to allocate 
441559261 bytes) in .../test-cookies.php on line 7

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-04-27 09:43 UTC] mike@php.net 
This bug has been fixed in SVN.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 06:01:29 2024 UTC