Bug #74408 Endless loop bypassing execution time limit
Submitted: 2017-04-10 17:46 UTC
Modified: 2017-04-10 19:44 UTC
From: andy_2639 at justmail dot de
Assigned:
Status: Closed
Package: Scripting Engine problem
PHP Version: 7.1.3
OS: Windows 10 Pro x64
Private report: No
CVE-ID: None
 [2017-04-10 17:46 UTC] andy_2639 at justmail dot de
Description:
------------
The test script hangs, eating one core completely. Even after the execution time limit is exceeded, PHP does not abort.
I had to kill php-cgi.exe via task manager.

This might allow DoS attacks on shared hosters where an attacker can upload their own code.

I guess that there is a ping-pong between the error_handler and the exception_handler (deprecation warning of static call to non-static method and instantiating an object of unknown class).

Test script:
---------------
<?php

// php.ini: error_reporting = E_ALL | E_DEPRECATED | E_STRICT

 class ErrorHandling {

  public function error_handler(int $errno, string $errstr, string $errfile, int $errline): void {
   $bla = new NonExistingClass2();
  }

  public function exception_handler(Throwable $e): void { }

 }

 set_error_handler('ErrorHandling::error_handler');
 set_exception_handler('ErrorHandling::exception_handler');

 $blubb = new NonExistingClass();


Expected result:
----------------
Best case: printing an error message and stopping the script.

At least I expect the script to be aborted after the execution time limit is exceeded.

Actual result:
--------------
PHP runs eating a core fully without increasing its memory need until I kill php-cgi.exe via task manager.

 [2017-04-10 19:44 UTC] stas@php.net
-Type: Security +Type: Bug
 [2017-04-11 10:47 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eb03f16442c7ee10842dde0140b933d2be60b84b
Log: Fixed bug #74408 (Endless loop bypassing execution time limit)
 [2017-04-11 10:47 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2017-05-11 15:18 UTC] info at ihead dot ru
It would be better to allow changing the type of timer used by max_execution_time: ITIMER_PROF or ITIMER_REAL. ITIMER_PROF is used on Unix now.
 