Bug #75760 The php development server crashes on GET/POST request with huge Content-Length
Submitted: 2018-01-04 16:30 UTC Modified: 2018-01-05 07:31 UTC
From: speirofr at gmail dot com Assigned:
Status: Open Package: Built-in web server
PHP Version: 7.0.27 OS: Ubuntu 16
Private report: No CVE-ID: None


 [2018-01-04 16:30 UTC] speirofr at gmail dot com
The PHP development server crashes when a GET/POST request is performed with a huge Content-Length header, as the PHP server attempts to allocate the memory requested by the client (same as

The steps to reproduce the bug are provided in the Test Script,
on the PHP debian package php7.0 (7.0.22-0ubuntu0.16.04.1),
as well as on previous PHP versions starting with PHP5 (php 5.6.30).

Test script:
# start php development server
! pgrep '^php$' && php -S &
sleep 1
# send GET/POST request with huge content-length
nc 8080 <<EOF
GET / HTTP/1.1
User-Agent: PHP-Test-Env/1.2
Accept: */*
Connection: Keep-Alive
Content-Length: 555555555555555

EOF
# the php development server crashes
! pgrep '^php$' && echo 'Test FAIL: The PHP server crashed'

Expected result:
The PHP server should not crash when a client issues an HTTP request with an invalid Content-Length.

Actual result:
The output observed when executing the Test Script is:

php -S
PHP 7.0.22-0ubuntu0.16.04.1 Development Server
Listening on
Document root is /tmp
Press Ctrl-C to quit.
Out of memory

Debugging the PHP server shows that the malloc that runs out of memory is performed at php_cli_server_client_read_request_on_body:

(gdb) bt
#0  __GI___libc_malloc (bytes=34359738368) at malloc.c:2902
#1  0x00000000008350e9 in __zend_malloc (len=34359738368) at php-src/Zend/zend_alloc.c:2884
#2  0x0000000000911d69 in php_cli_server_client_read_request_on_body (parser=<optimized out>, at=0x7fffffff8767


 [2018-01-05 07:31 UTC]
The PHP built-in web server is used for debugging purposes... and in this case it should bail out because it is out of memory, so I think there is nothing that needs to be fixed.
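
The failure in the report comes from sizing an allocation from the client-declared Content-Length. As an added example (not php-src code and not part of this thread), one way a server can bound that is to reject malformed or oversized values before allocating and to grow the body buffer only as bytes arrive. `MAX_BODY_BYTES`, `check_content_length` and `body_append` are hypothetical names, and the 8 MiB cap is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY_BYTES (8u * 1024u * 1024u)   /* assumed cap: 8 MiB */
enum cl_status { CL_OK = 0, CL_MALFORMED = 400, CL_TOO_LARGE = 413 };

/* Validate a Content-Length value; only plain decimal digits are accepted. */
enum cl_status check_content_length(const char *value, size_t *out_len)
{
    if (value == NULL || !isdigit((unsigned char)value[0]))
        return CL_MALFORMED;            /* rejects "", "-1", "+5", " 5" */
    errno = 0;
    char *end = NULL;
    unsigned long long n = strtoull(value, &end, 10);
    if (*end != '\0')
        return CL_MALFORMED;            /* trailing junk such as "12abc" */
    if (errno == ERANGE || n > MAX_BODY_BYTES)
        return CL_TOO_LARGE;            /* refuse before any allocation */
    *out_len = (size_t)n;
    return CL_OK;
}

struct body_buf { char *data; size_t len, cap; };

/* Append received bytes; memory follows data that arrived, not the declared length. */
int body_append(struct body_buf *b, const char *chunk, size_t n, size_t declared)
{
    if (b->len > declared || n > declared - b->len)
        return -1;                      /* client sent more than it declared */
    if (n == 0) return 0;
    if (b->len + n > b->cap) {
        size_t cap = b->cap ? b->cap : 4096;
        while (cap < b->len + n) cap *= 2;
        char *p = realloc(b->data, cap);
        if (p == NULL) return -1;       /* fail this request, keep the server up */
        b->data = p;
        b->cap = cap;
    }
    memcpy(b->data + b->len, chunk, n);
    b->len += n;
    return 0;
}

int main(void)
{
    size_t len = 0;   /* constructed input: the header value from the report */
    return check_content_length("555555555555555", &len) == CL_TOO_LARGE ? 0 : 1;
}
```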