|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73539 memcache session handler with two backend servers Fatal Error (out of memory)
Submitted: 2016-11-16 09:53 UTC Modified: -
Avg. Score:4.9 ± 0.3
Reproduced:90 of 90 (100.0%)
Same Version:85 (94.4%)
Same OS:14 (15.6%)
From: php at bof dot de Assigned:
Status: Open Package: memcache (PECL)
PHP Version: 5.6.28 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
38 - 13 = ?
Subscribe to this entry?

 [2016-11-16 09:53 UTC] php at bof dot de
Re-Report with better-suited Package (memcache), original bug report:

Using memcache 3.0.8 with 5.6.28 fails when more than one backend server is configured.

There was a change from 5.6.27 to 5.6.28 in ext/standard/url.c php_url_parse_ex which resulted in that regression. That function does not, in various places, work properly with the passed-in length parameter. The recent change, given the use in memcache_session.c, then results in a fatal memory error.

For test script etc. please see that other bug report.

The appended patch fixes the issue for me, by making, in memcache_session.c, an estrndup of the single server substring before passing it to php_url_parse_ex().

Private communication with nikic yesterday indicated that right now php_url_parse_ex is considered to fragile to be made length-safe, so please consider applying that patch to the memcache extension, and respinning a memcache-3.0.9 release.


memcache_session_parse_fix.patch (last revision 2016-11-16 09:54 UTC by php at bof dot de)

Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-12 16:44 UTC] carmstrong at trilliumit dot com
This issue also affects php 7.0.13. With php 7 on a 64 bit system memcached tries to allocate 2^64 bytes of memory and fails.
 [2017-01-13 18:17 UTC] mark-jones-xdf at zedwood dot com
This issue appears to also affect
in redis_session.c where it calls 
 url = php_url_parse_ex(save_path+i, j-i);
 [2017-03-10 07:47 UTC] daniel dot k at siteground dot com
Has this issue with Redis and Memcached been resolved. I don't see anything in the Redis PECL changelog:
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Sep 18 21:01:25 2020 UTC