PHP :: Bug #78919 :: CLI server does insufficient cleanup if php_request

Bug #78919

CLI server does insufficient cleanup if php_request_startup() fails

Submitted:

2019-12-06 14:42 UTC

Modified:

2021-07-30 13:39 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

cataphract@php.net

Assigned:

cmb (profile)

Status:

Closed

Package:

Built-in web server

PHP Version:

7.2.25

OS:

Irrelevant

Private report:

CVE-ID:

None

View Developer Edit

[2019-12-06 14:42 UTC] cataphract@php.net

Description:
------------
If php_request_startup() fails, for instance because an extension throws an error during its RINIT, then the CLI server doesn't run php_request_shutdown().

In particular, the memory manager will not be shutdown, which means that repeatedly issuing errors during RINIT will result in eventually PHP running out of memory.

Test script:
---------------
See https://gist.github.com/cataphract/b3d6fca0dc31132a5d190d2de7d07db3

build the image and start a container. Then hit http://localhost:8080/ After 3 or requests, the CLI server will exit due to lack of memory.

Expected result:
----------------
The server runs continuously.

Actual result:
--------------
The server exits after a couple of requests.

Patches

cli_no_exit.diff (last revision 2019-12-06 14:43 UTC by contratempo at gmail dot com)

Pull Requests

Pull requests:

Fix #78919: CLI server: insufficient cleanup if request startup fails (php-src/7322)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2019-12-06 14:43 UTC] contratempo at gmail dot com

The following patch has been added/updated:

Patch Name: cli_no_exit.diff
Revision:   1575643429
URL:        https://bugs.php.net/patch-display.php?bug=78919&patch=cli_no_exit.diff&revision=1575643429

[2019-12-07 13:10 UTC] cmb@php.net

Thanks!  I wonder, though, whether it is generally safe to call
`php_request_shutdown()` after `php_request_startup()` has failed.

[2019-12-07 14:10 UTC] cataphract@php.net

The Apache SAPI does call shutdown after a failed startup:

https://github.com/php/php-src/blob/5d6e923d46a89fe9cd8fb6c3a6da675aa67197b4/sapi/apache2handler/sapi_apache2.c#L710

and we haven't had any crashes reported from the errors raised during RINIT in our extension (sqreen).

FPM simply exists if there's an error during RINIT but it can be worked around easily for our purposes.

[2021-07-30 13:38 UTC] cmb@php.net

The following pull request has been associated:

Patch Name: Fix #78919: CLI server: insufficient cleanup if request startup fails
On GitHub:  https://github.com/php/php-src/pull/7322
Patch:      https://github.com/php/php-src/pull/7322.patch

[2021-07-30 13:39 UTC] cmb@php.net

-Assigned To: +Assigned To: cmb

[2021-08-17 10:41 UTC] git@php.net

Automatic comment on behalf of cmb69
Revision: https://github.com/php/php-src/commit/be2df43b08cf13b9a5791ff5eb827a125115ef52
Log: Fix #78919: CLI server: insufficient cleanup if request startup fails

[2021-08-17 10:41 UTC] git@php.net

-Status: Assigned +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 02:00:02 2025 UTC