|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74408 Endless loop bypassing execution time limit
Submitted: 2017-04-10 17:46 UTC Modified: 2017-04-10 19:44 UTC
From: andy_2639 at justmail dot de Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 7.1.3 OS: Windows 10 Pro x64
Private report: No CVE-ID: None
 [2017-04-10 17:46 UTC] andy_2639 at justmail dot de
The test script hangs with eating one core completely. Even after the execution time limit is exceeded, php does not abort.
I had to kill php-cgi.exe via task manager.

This might allow DoS attacks to shared hosters where an attacker can upload its own code.

I guess that there is a ping-pong between the error_handler and the exception_handler (deprecation warning of static call to non-static method and instanciating an object of unknown class).

Test script:

// php.ini: error_reporting = E_ALL | E_DEPRECATED | E_STRICT

 class ErrorHandling {

  public function error_handler(int $errno, string $errstr, string $errfile, int $errline): void {
   $bla = new NonExistingClass2();

  public function exception_handler(Throwable $e): void { }



 $blubb = new NonExistingClass();

Expected result:
Best case: printing an error message and stopping the script.

At least I expect the script to be aborted after the execution time limit exceeds.

Actual result:
PHP runs eating a core fully without increasing its memory need until I kill php-cgi.exe via task manager.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-04-10 19:44 UTC]
-Type: Security +Type: Bug
 [2017-04-11 10:47 UTC]
Automatic comment on behalf of
Log: Fixed bug #74408 (Endless loop bypassing execution time limit)
 [2017-04-11 10:47 UTC]
-Status: Open +Status: Closed
 [2017-05-11 15:18 UTC] info at ihead dot ru
It would better to allow change type of timer, used by max_execution_time: ITIMER_PROF or ITIMER_REAL. ITIMER_PROF used on Unix now.
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC