php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80972 Memory exhaustion on invalid string offset
Submitted: 2021-04-20 18:13 UTC Modified: -
From: girgias@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 8.0.5RC1 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: girgias@php.net
New email:
PHP Version: OS:

 

 [2021-04-20 18:13 UTC] girgias@php.net
Description:
------------
On a very large float-string string offset a memory exhaustion error kills the process although this could be prevented because a TypeError has already been thrown.

This bug is limited to PHP 8, as prior to this version invalid string offsets only emitted an E_WARNING.

Test script:
---------------
<?php

$float = 10e120;
$string_float = (string) $float;

$string = 'Here is some text for good measure';

try {
    echo 'Float casted to string compile', \PHP_EOL;
    $string[(string) 10e120] = 'E';
    var_dump($string);
} catch (\TypeError $e) {
    echo 'TypeError', \PHP_EOL;
}

?>

Expected result:
----------------
Float casted to string compile
TypeError

Actual result:
--------------
Float casted to string compile

Warning: Uncaught TypeError: Cannot access offset of type string on string in /in/HlIY7:10
Stack trace:
#0 {main}
  thrown in /in/HlIY7 on line 10

Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 9223372036854775840 bytes) in /in/HlIY7 on line 10

Process exited with code 255.

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-04-20 18:23 UTC] girgias@php.net
The following pull request has been associated:

Patch Name: Fix Bug #80972: Memory exhaustion on invalid string offset
On GitHub:  https://github.com/php/php-src/pull/6890
Patch:      https://github.com/php/php-src/pull/6890.patch
 [2021-04-26 12:23 UTC] git@php.net
Automatic comment on behalf of Girgias
Revision: https://github.com/php/php-src/commit/418fcd22e835420c2bdaef55c62d8a45101f62b7
Log: Fix Bug #80972: Memory exhaustion on invalid string offset
 [2021-04-26 12:23 UTC] git@php.net
-Status: Open +Status: Closed
 [2021-04-26 13:00 UTC] git@php.net
Automatic comment on behalf of Girgias
Revision: https://github.com/php/php-src/commit/97f8ca52faa4786599fc4cd39741926369532599
Log: Fix Bug #80972: Memory exhaustion on invalid string offset
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 07 08:01:28 2024 UTC