PHP :: Bug #81549 :: Memory leak : php memory_limit option seems to be not respected

Bug #81549	Memory leak : php memory_limit option seems to be not respected
Submitted:	2021-10-21 15:44 UTC	Modified:	2021-10-21 19:24 UTC
From:	massedil-php-bugs at msd dot im	Assigned:
Status:	Suspended	Package:	*General Issues
PHP Version:	7.3.31	OS:	Debian GNU/Linux 10 (buster)
Private report:	No	CVE-ID:	None

View Developer Edit

[2021-10-21 15:44 UTC] massedil-php-bugs at msd dot im

Description:
------------
Hello,

I think it is a security issue because it is possible to bypass the php memory_limit parameter, fill a the server memory and swap memory and then crash a server.

How to reproduce
----------------

1. Download the unique php file "lib_phpQuery.php" from https://github.com/FreshRSS/FreshRSS/blob/edge/lib/lib_phpQuery.php

2. Execute the test script

Note that there is no "3rd-party C libraries".

More details
------------

I use php 7.3 on this server.

We discovered this bug with Alkarex (https://github.com/Alkarex).

Last open bug is here : 
https://github.com/FreshRSS/FreshRSS/issues/3462

PHP 7.3 seems affected
----------------------

I can reproduce this bug on Debian GNU/Linux 10 (buster)
PHP 7.3.29-1~deb10u1 (cli) (built: Jul  2 2021 04:04:33) ( NTS )


PHP 7.4 seems NOT affected
--------------------------

I can't reproduce it on Ubuntu 20.04.3 LTS
PHP 7.4.3 (cli) (built: Aug 13 2021 05:39:12) ( NTS )

I well have a "PHP Fatal error:  Allowed memory size exhausted".

PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 4096 bytes) in lib_phpQuery.php on line 1229

Test script:
---------------
<?php
require('lib_phpQuery.php');

$html = '<html><article>Hello</article></html>';

function test($html) {
    phpQuery::newDocument($html);
}

for ($i = 100000; $i > 0; $i--) {
    test($html);
}

echo memory_get_peak_usage(true), "\n";


Expected result:
----------------
I expect a "PHP Fatal error:  Allowed memory size exhausted".

Actual result:
--------------
The script fill the memory of the server and ignore the memory_limit parameter.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2021-10-21 19:24 UTC] stas@php.net

-Status: Open +Status: Suspended -Type: Security +Type: Bug

[2021-10-21 19:24 UTC] stas@php.net

Looking at the file you referred, I see quite a lot of references to XML/DOM functions. These, of course, are using "3rd-party C libraries" - namely libxml2. PHP can not fully control memory usage for such libraries. If there's any specific memory leak that is identifiable by a simple code example (5700+ line script is not simple) and attributable to PHP, it may deserve a look but then we need such an example. Given that it doesn't happen in 7.4+ my recommendation would be to upgrade - there probably has been some improvements in libxml2 interfacing since then.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 15:01:29 2024 UTC