php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #81549 Memory leak : php memory_limit option seems to be not respected
Submitted: 2021-10-21 15:44 UTC Modified: 2021-10-21 19:24 UTC
From: massedil-php-bugs at msd dot im Assigned:
Status: Suspended Package: *General Issues
PHP Version: 7.3.31 OS: Debian GNU/Linux 10 (buster)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: massedil-php-bugs at msd dot im
New email:
PHP Version: OS:

 

 [2021-10-21 15:44 UTC] massedil-php-bugs at msd dot im
Description:
------------
Hello,

I think it is a security issue because it is possible to bypass the php memory_limit parameter, fill a the server memory and swap memory and then crash a server.

How to reproduce
----------------

1. Download the unique php file "lib_phpQuery.php" from https://github.com/FreshRSS/FreshRSS/blob/edge/lib/lib_phpQuery.php

2. Execute the test script

Note that there is no "3rd-party C libraries".

More details
------------

I use php 7.3 on this server.

We discovered this bug with Alkarex (https://github.com/Alkarex).

Last open bug is here : 
https://github.com/FreshRSS/FreshRSS/issues/3462

PHP 7.3 seems affected
----------------------

I can reproduce this bug on Debian GNU/Linux 10 (buster)
PHP 7.3.29-1~deb10u1 (cli) (built: Jul  2 2021 04:04:33) ( NTS )


PHP 7.4 seems NOT affected
--------------------------

I can't reproduce it on Ubuntu 20.04.3 LTS
PHP 7.4.3 (cli) (built: Aug 13 2021 05:39:12) ( NTS )

I well have a "PHP Fatal error:  Allowed memory size exhausted".

PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 4096 bytes) in lib_phpQuery.php on line 1229

Test script:
---------------
<?php
require('lib_phpQuery.php');

$html = '<html><article>Hello</article></html>';

function test($html) {
    phpQuery::newDocument($html);
}

for ($i = 100000; $i > 0; $i--) {
    test($html);
}

echo memory_get_peak_usage(true), "\n";


Expected result:
----------------
I expect a "PHP Fatal error:  Allowed memory size exhausted".

Actual result:
--------------
The script fill the memory of the server and ignore the memory_limit parameter.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-10-21 19:24 UTC] stas@php.net
-Status: Open +Status: Suspended -Type: Security +Type: Bug
 [2021-10-21 19:24 UTC] stas@php.net
Looking at the file you referred, I see quite a lot of references to XML/DOM functions. These, of course, are using "3rd-party C libraries" - namely libxml2. PHP can not fully control memory usage for such libraries. If there's any specific memory leak that is identifiable by a simple code example (5700+ line script is not simple) and attributable to PHP, it may deserve a look but then we need such an example. Given that it doesn't happen in 7.4+ my recommendation would be to upgrade - there probably has been some improvements in libxml2 interfacing since then.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Nov 30 22:03:36 2021 UTC