PHP :: Bug #77283 :: memory exhausted when unserialize data

Bug #77283	memory exhausted when unserialize data
Submitted:	2018-12-11 16:16 UTC	Modified:	2020-05-11 10:52 UTC
From:	jasonxiale at mail dot ru	Assigned:	nikic (profile)
Status:	Closed	Package:	Class/Object related
PHP Version:	master-Git-2018-12-11 (Git)	OS:	Linux(4.15.0-42-generic)
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jasonxiale at mail dot ru
New email:
PHP Version:		OS:

New Comment:

[2018-12-11 16:16 UTC] jasonxiale at mail dot ru

Description:
------------
when fuzzing php unserialize function using command as:
./sapi/cli/php  -r 'unserialize(file_get_contents("php://stdin"));' < basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2

I got an error:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 42949672960 bytes) in Command line code on line 1


Test script:
---------------
the base64-ed input is like
base64 basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2 
YTozOntpOjA7YToyOntpOjA7TzoxOiIxIjowNzc3Nzc3Nzc3Ojc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3
Nzc3Nzc3Nzc3Nzc7ASkxOip//yI3Nzc3NzQiO31pOkk7YToyOntpOjA7aVwxO2k3N6UXMSNpAAAA
AX0=

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-05-11 10:52 UTC] nikic@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic

[2020-05-11 10:52 UTC] nikic@php.net

This has been addressed in the meantime, unserialize() no longer allows allocations larger than the payload size.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 05:01:28 2024 UTC