|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #75760 The php development server crashes on GET/POST request with huge Content-Length
Submitted: 2018-01-04 16:30 UTC Modified: 2018-01-05 07:31 UTC
From: speirofr at gmail dot com Assigned:
Status: Open Package: Built-in web server
PHP Version: 7.0.27 OS: Ubuntu 16
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
47 - 2 = ?
Subscribe to this entry?

 [2018-01-04 16:30 UTC] speirofr at gmail dot com
The PHP development server crashes when a GET/POST request is performed with a huge Content-Length header, as the PHP server attempts to allocate the memory requested by the client (same as

The steps to reproduce the bug are provided in the Test Script,
on the PHP debian package php7.0 (7.0.22-0ubuntu0.16.04.1),
as well as on previous PHP versions starting with PHP5 (php 5.6.30).

Test script:
# start php development server
! pgrep '^php$' && php -S &
sleep 1
# send GET/POST request with huge content-length
nc 8080 <<EOF
GET / HTTP/1.1
User-Agent: PHP-Test-Env/1.2
Accept: */*
Connection: Keep-Alive
Content-Length: 555555555555555

# the php development server crashes
! pgrep '^php$' && echo 'Test FAIL: The PHP server crashed'

Expected result:
The PHP server should not crash when a client issues a HTTP request with an invalid Content-Length.

Actual result:
The output observed when executing the Test Script is:

php -S
PHP 7.0.22-0ubuntu0.16.04.1 Development Server
Listening on
Document root is /tmp
Press Ctrl-C to quit.
Out of memory

Debugging the PHP server shows that the malloc that runs out of memory is performed at php_cli_server_client_read_request_on_body:

(gdb) bt
 59 #0  __GI___libc_malloc (bytes=34359738368) at malloc.c:2902
 60 #1  0x00000000008350e9 in __zend_malloc (len=34359738368) at php-src/Zend/zend_alloc.c:2884
 61 #2  0x0000000000911d69 in php_cli_server_client_read_request_on_body (parser=<optimized out>, at=0x7fffffff8767 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-01-05 07:31 UTC]
PHP built-in webserver is used for debugging purpose... and in this case it should bailout because out of memory, so I think there is nothing need to be fixed.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 22:01:29 2024 UTC