php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64935 Huge memory usage on unknown Content-Type
Submitted: 2013-05-28 10:07 UTC Modified: 2014-11-19 12:29 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: julien at palard dot fr Assigned: mike (profile)
Status: Closed Package: Performance problem
PHP Version: 5.4.15 OS: GNU/Linux
Private report: No CVE-ID: None
 [2013-05-28 10:07 UTC] julien at palard dot fr
Description:
------------
When a POST have an unknwon Content-Type, the php_default_post_reader store the body of the request three times : 

 * In SG(request_info).post_data
 * In SET_VAR_STRINGL("HTTP_RAW_POST_DATA", ...
 * In SG(request_info).raw_post_data

So, getting a 500Mb request body result in a 1.5Gb memory usage, easily triggering a "memory limit exhausted" error.

Known content types are found in main/php_content_types.c and are "application/x-www-form-urlencoded" and "multipart/form-data", so this case is easily triggered.

This fact seems well known as we can read in main/php_content_types.c:59 :

/* for php://input stream:
some post handlers modify the content of request_info.post_data
so for now we need a copy for the php://input stream
in the long run post handlers should be changed to not touch
request_info.post_data for memory preservation reasons
*/

Solving this comment only fix 1/2 of the bug, keeping the body stored in two different locations, but it's a first step.

I only open this ticket to track the history of this issue, I do not really need it to be fixed.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-05-29 07:54 UTC] cataphract@php.net
Handing such large requests is better done with enable_post_data_reading=0
 [2014-11-19 12:29 UTC] mike@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: mike
 [2014-11-19 12:29 UTC] mike@php.net
PHP-5.6 uses a temp PHP stream to store the data.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 18:01:29 2024 UTC