PHP :: Bug #77283 :: memory exhausted when unserialize data

Bug #77283	memory exhausted when unserialize data
Submitted:	2018-12-11 16:16 UTC	Modified:	2020-05-11 10:52 UTC
From:	jasonxiale at mail dot ru	Assigned:	nikic (profile)
Status:	Closed	Package:	Class/Object related
PHP Version:	master-Git-2018-12-11 (Git)	OS:	Linux(4.15.0-42-generic)
Private report:	No	CVE-ID:	None

View Developer Edit

[2018-12-11 16:16 UTC] jasonxiale at mail dot ru

Description:
------------
when fuzzing php unserialize function using command as:
./sapi/cli/php  -r 'unserialize(file_get_contents("php://stdin"));' < basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2

I got an error:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 42949672960 bytes) in Command line code on line 1


Test script:
---------------
the base64-ed input is like
base64 basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2 
YTozOntpOjA7YToyOntpOjA7TzoxOiIxIjowNzc3Nzc3Nzc3Ojc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3
Nzc3Nzc3Nzc3Nzc7ASkxOip//yI3Nzc3NzQiO31pOkk7YToyOntpOjA7aVwxO2k3N6UXMSNpAAAA
AX0=

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-05-11 10:52 UTC] nikic@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic

[2020-05-11 10:52 UTC] nikic@php.net

This has been addressed in the meantime, unserialize() no longer allows allocations larger than the payload size.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Oct 26 09:00:01 2025 UTC