|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78326 improper memory deallocation on stream_get_contents() with fixed lenght buffer
Submitted: 2019-07-23 12:02 UTC Modified: -
From: albertcasademont at gmail dot com Assigned:
Status: Closed Package: Streams related
PHP Version: 7.2.21RC1 OS: Alpine Linux 3.10
Private report: No CVE-ID: None
 [2019-07-23 12:02 UTC] albertcasademont at gmail dot com
When calling stream_get_contents() with a fixed length buffer, the memory allocated for that buffer is not freed even though the actual data might be much shorter than the allocated buffer. This can potentially crash the script just after a couple of stream_get_contents() calls due to memory issues.

If we don't specify a fixed lenght buffer, php will correctly reallocate the string to the exact amount of data read. This would also be the expected thing to do even if we fix the buffer length.

Test script:

$f = tmpfile();
fwrite($f, '.');

$chunks = array();
for ($i = 0; $i < 1000; ++$i) {
    $chunks[] = stream_get_contents($f, 1000000);

Expected result:

Actual result:
Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 1003520 bytes) in /in/HP2U9 on line 9


Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2019-07-23 12:05 UTC] albertcasademont at gmail dot com
 [2019-07-23 12:06 UTC] albertcasademont at gmail dot com
The following pull request has been associated:

Patch Name: fix #78326 memory issues with stream_get_contents() fixed length buffer
On GitHub:
 [2019-07-29 15:35 UTC]
Automatic comment on behalf of
Log: Fix bug #78326
 [2019-07-29 15:35 UTC]
-Status: Open +Status: Closed
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Thu Sep 21 23:01:24 2023 UTC