|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77283 memory exhausted when unserialize data
Submitted: 2018-12-11 16:16 UTC Modified: -
From: jasonxiale at mail dot ru Assigned:
Status: Open Package: Class/Object related
PHP Version: master-Git-2018-12-11 (Git) OS: Linux(4.15.0-42-generic)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
49 - 19 = ?
Subscribe to this entry?

 [2018-12-11 16:16 UTC] jasonxiale at mail dot ru
when fuzzing php unserialize function using command as:
./sapi/cli/php  -r 'unserialize(file_get_contents("php://stdin"));' < basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2

I got an error:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 42949672960 bytes) in Command line code on line 1

Test script:
the base64-ed input is like
base64 basic_fuzz/fuzzer11/crashes/id\:000000\,sig\:06\,src\:000158+000528\,op\:splice\,rep\:2 


Add a Patch

Pull Requests

Add a Pull Request

PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Apr 04 18:01:23 2020 UTC