|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73539 memcache session handler with two backend servers Fatal Error (out of memory)
Submitted: 2016-11-16 09:53 UTC Modified: 2021-03-25 16:39 UTC
Avg. Score:4.9 ± 0.3
Reproduced:90 of 90 (100.0%)
Same Version:85 (94.4%)
Same OS:14 (15.6%)
From: php at bof dot de Assigned: cmb (profile)
Status: Closed Package: memcache (PECL)
PHP Version: 5.6.28 OS:
Private report: No CVE-ID: None
 [2016-11-16 09:53 UTC] php at bof dot de
Re-Report with better-suited Package (memcache), original bug report:

Using memcache 3.0.8 with 5.6.28 fails when more than one backend server is configured.

There was a change from 5.6.27 to 5.6.28 in ext/standard/url.c php_url_parse_ex which resulted in that regression. That function does not, in various places, work properly with the passed-in length parameter. The recent change, given the use in memcache_session.c, then results in a fatal memory error.

For test script etc. please see that other bug report.

The appended patch fixes the issue for me, by making, in memcache_session.c, an estrndup of the single server substring before passing it to php_url_parse_ex().

Private communication with nikic yesterday indicated that right now php_url_parse_ex is considered to fragile to be made length-safe, so please consider applying that patch to the memcache extension, and respinning a memcache-3.0.9 release.


memcache_session_parse_fix.patch (last revision 2016-11-16 09:54 UTC by php at bof dot de)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-12 16:44 UTC] carmstrong at trilliumit dot com
This issue also affects php 7.0.13. With php 7 on a 64 bit system memcached tries to allocate 2^64 bytes of memory and fails.
 [2017-01-13 18:17 UTC] mark-jones-xdf at zedwood dot com
This issue appears to also affect
in redis_session.c where it calls 
 url = php_url_parse_ex(save_path+i, j-i);
 [2017-03-10 07:47 UTC] daniel dot k at siteground dot com
Has this issue with Redis and Memcached been resolved. I don't see anything in the Redis PECL changelog:
 [2021-03-25 16:39 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2021-03-25 16:39 UTC]
The official bug tracker for PECL/memcache is now at

So, if this is still an issue with either of the current memcache
versions (4 or 8), please file an issue there.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Jul 19 08:01:28 2024 UTC