php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74408 Endless loop bypassing execution time limit
Submitted: 2017-04-10 17:46 UTC Modified: 2017-04-10 19:44 UTC
From: andy_2639 at justmail dot de Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 7.1.3 OS: Windows 10 Pro x64
Private report: No CVE-ID:
 [2017-04-10 17:46 UTC] andy_2639 at justmail dot de
Description:
------------
The test script hangs with eating one core completely. Even after the execution time limit is exceeded, php does not abort.
I had to kill php-cgi.exe via task manager.

This might allow DoS attacks to shared hosters where an attacker can upload its own code.

I guess that there is a ping-pong between the error_handler and the exception_handler (deprecation warning of static call to non-static method and instanciating an object of unknown class).

Test script:
---------------
<?php

// php.ini: error_reporting = E_ALL | E_DEPRECATED | E_STRICT

 class ErrorHandling {

  public function error_handler(int $errno, string $errstr, string $errfile, int $errline): void {
   $bla = new NonExistingClass2();
  }

  public function exception_handler(Throwable $e): void { }

 }

 set_error_handler('ErrorHandling::error_handler');
 set_exception_handler('ErrorHandling::exception_handler');

 $blubb = new NonExistingClass();


Expected result:
----------------
Best case: printing an error message and stopping the script.

At least I expect the script to be aborted after the execution time limit exceeds.

Actual result:
--------------
PHP runs eating a core fully without increasing its memory need until I kill php-cgi.exe via task manager.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-10 19:44 UTC] stas@php.net
-Type: Security +Type: Bug
 [2017-04-11 10:47 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eb03f16442c7ee10842dde0140b933d2be60b84b
Log: Fixed bug #74408 (Endless loop bypassing execution time limit)
 [2017-04-11 10:47 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2017-05-11 15:18 UTC] info at ihead dot ru
It would better to allow change type of timer, used by max_execution_time: ITIMER_PROF or ITIMER_REAL. ITIMER_PROF used on Unix now.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Thu May 25 16:01:43 2017 UTC