php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80972 Memory exhaustion on invalid string offset
Submitted: 2021-04-20 18:13 UTC Modified: -
From: girgias@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 8.0.5RC1 OS:
Private report: No CVE-ID: None
 [2021-04-20 18:13 UTC] girgias@php.net
Description:
------------
On a very large float-string string offset a memory exhaustion error kills the process although this could be prevented because a TypeError has already been thrown.

This bug is limited to PHP 8, as prior to this version invalid string offsets only emitted an E_WARNING.

Test script:
---------------
<?php

$float = 10e120;
$string_float = (string) $float;

$string = 'Here is some text for good measure';

try {
    echo 'Float casted to string compile', \PHP_EOL;
    $string[(string) 10e120] = 'E';
    var_dump($string);
} catch (\TypeError $e) {
    echo 'TypeError', \PHP_EOL;
}

?>

Expected result:
----------------
Float casted to string compile
TypeError

Actual result:
--------------
Float casted to string compile

Warning: Uncaught TypeError: Cannot access offset of type string on string in /in/HlIY7:10
Stack trace:
#0 {main}
  thrown in /in/HlIY7 on line 10

Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 9223372036854775840 bytes) in /in/HlIY7 on line 10

Process exited with code 255.

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-04-20 18:23 UTC] girgias@php.net
The following pull request has been associated:

Patch Name: Fix Bug #80972: Memory exhaustion on invalid string offset
On GitHub:  https://github.com/php/php-src/pull/6890
Patch:      https://github.com/php/php-src/pull/6890.patch
 [2021-04-26 12:23 UTC] git@php.net
Automatic comment on behalf of Girgias
Revision: https://github.com/php/php-src/commit/418fcd22e835420c2bdaef55c62d8a45101f62b7
Log: Fix Bug #80972: Memory exhaustion on invalid string offset
 [2021-04-26 12:23 UTC] git@php.net
-Status: Open +Status: Closed
 [2021-04-26 13:00 UTC] git@php.net
Automatic comment on behalf of Girgias
Revision: https://github.com/php/php-src/commit/97f8ca52faa4786599fc4cd39741926369532599
Log: Fix Bug #80972: Memory exhaustion on invalid string offset
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 17:01:29 2024 UTC