php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #81549 Memory leak : php memory_limit option seems to be not respected
Submitted: 2021-10-21 15:44 UTC Modified: 2021-10-21 19:24 UTC
From: massedil-php-bugs at msd dot im Assigned:
Status: Suspended Package: *General Issues
PHP Version: 7.3.31 OS: Debian GNU/Linux 10 (buster)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: massedil-php-bugs at msd dot im
New email:
PHP Version: OS:

 

 [2021-10-21 15:44 UTC] massedil-php-bugs at msd dot im 
Description:
------------
Hello,

I think it is a security issue because it is possible to bypass the php memory_limit parameter, fill a the server memory and swap memory and then crash a server.

How to reproduce
----------------

1. Download the unique php file "lib_phpQuery.php" from https://github.com/FreshRSS/FreshRSS/blob/edge/lib/lib_phpQuery.php

2. Execute the test script

Note that there is no "3rd-party C libraries".

More details
------------

I use php 7.3 on this server.

We discovered this bug with Alkarex (https://github.com/Alkarex).

Last open bug is here : 
https://github.com/FreshRSS/FreshRSS/issues/3462

PHP 7.3 seems affected
----------------------

I can reproduce this bug on Debian GNU/Linux 10 (buster)
PHP 7.3.29-1~deb10u1 (cli) (built: Jul  2 2021 04:04:33) ( NTS )


PHP 7.4 seems NOT affected
--------------------------

I can't reproduce it on Ubuntu 20.04.3 LTS
PHP 7.4.3 (cli) (built: Aug 13 2021 05:39:12) ( NTS )

I well have a "PHP Fatal error:  Allowed memory size exhausted".

PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 4096 bytes) in lib_phpQuery.php on line 1229

Test script:
---------------
<?php
require('lib_phpQuery.php');

$html = '<html><article>Hello</article></html>';

function test($html) {
    phpQuery::newDocument($html);
}

for ($i = 100000; $i > 0; $i--) {
    test($html);
}

echo memory_get_peak_usage(true), "\n";


Expected result:
----------------
I expect a "PHP Fatal error:  Allowed memory size exhausted".

Actual result:
--------------
The script fill the memory of the server and ignore the memory_limit parameter.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-10-21 19:24 UTC] stas@php.net
-Status: Open +Status: Suspended -Type: Security +Type: Bug
 [2021-10-21 19:24 UTC] stas@php.net 
Looking at the file you referred, I see quite a lot of references to XML/DOM functions. These, of course, are using "3rd-party C libraries" - namely libxml2. PHP can not fully control memory usage for such libraries. If there's any specific memory leak that is identifiable by a simple code example (5700+ line script is not simple) and attributable to PHP, it may deserve a look but then we need such an example. Given that it doesn't happen in 7.4+ my recommendation would be to upgrade - there probably has been some improvements in libxml2 interfacing since then.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 16 12:01:29 2024 UTC