Bug #81549 Memory leak : php memory_limit option seems to be not respected
Submitted: 2021-10-21 15:44 UTC Modified: 2021-10-21 19:24 UTC
From: massedil-php-bugs at msd dot im Assigned:
Status: Suspended Package: *General Issues
PHP Version: 7.3.31 OS: Debian GNU/Linux 10 (buster)
Private report: No CVE-ID: None
 [2021-10-21 15:44 UTC] massedil-php-bugs at msd dot im
Description:
------------
Hello,

I think it is a security issue because it is possible to bypass the php memory_limit parameter, fill the server memory and swap memory, and then crash a server.

How to reproduce
----------------

1. Download the unique php file "lib_phpQuery.php" from https://github.com/FreshRSS/FreshRSS/blob/edge/lib/lib_phpQuery.php

2. Execute the test script

Note that there is no "3rd-party C libraries".

More details
------------

I use php 7.3 on this server.

We discovered this bug with Alkarex (https://github.com/Alkarex).

Last open bug is here : 
https://github.com/FreshRSS/FreshRSS/issues/3462

PHP 7.3 seems affected
----------------------

I can reproduce this bug on Debian GNU/Linux 10 (buster)
PHP 7.3.29-1~deb10u1 (cli) (built: Jul  2 2021 04:04:33) ( NTS )


PHP 7.4 seems NOT affected
--------------------------

I can't reproduce it on Ubuntu 20.04.3 LTS
PHP 7.4.3 (cli) (built: Aug 13 2021 05:39:12) ( NTS )

I do get a "PHP Fatal error:  Allowed memory size exhausted".

PHP Fatal error:  Allowed memory size of 67108864 bytes exhausted (tried to allocate 4096 bytes) in lib_phpQuery.php on line 1229

Test script:
---------------
<?php
require('lib_phpQuery.php');

$html = '<html><article>Hello</article></html>';

function test($html) {
    phpQuery::newDocument($html);
}

for ($i = 100000; $i > 0; $i--) {
    test($html);
}

echo memory_get_peak_usage(true), "\n";


Expected result:
----------------
I expect a "PHP Fatal error:  Allowed memory size exhausted".

Actual result:
--------------
The script fills the memory of the server and ignores the memory_limit parameter.

 [2021-10-21 19:24 UTC] stas@php.net
-Status: Open +Status: Suspended -Type: Security +Type: Bug
 [2021-10-21 19:24 UTC] stas@php.net
Looking at the file you referred to, I see quite a lot of references to XML/DOM functions. These, of course, are using "3rd-party C libraries" - namely libxml2. PHP cannot fully control memory usage for such libraries. If there's any specific memory leak that is identifiable by a simple code example (a 5700+ line script is not simple) and attributable to PHP, it may deserve a look, but then we need such an example. Given that it doesn't happen in 7.4+, my recommendation would be to upgrade - there probably have been some improvements in libxml2 interfacing since then.
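
Added example, not part of the report and not PHP project code: a short diagnostic of the kind the reply asks for, using only ext/dom, that prints the memory PHP's allocator accounts for (what memory_limit enforces) next to the resident set size of the process. Assumptions made here: Linux with /proc, the retained $keep array standing in for code that keeps documents referenced, and the 512 MiB RSS safety stop.

```php
<?php
// Added diagnostic (not from the report). Linux only: reads /proc/self/status.
// Compares memory accounted by PHP's allocator, which memory_limit enforces,
// with the resident set size the kernel sees for the whole process.

function rss_bytes(): int
{
    $status = @file_get_contents('/proc/self/status');
    if ($status === false || !preg_match('/^VmRSS:\s+(\d+)\s+kB/m', $status, $m)) {
        throw new RuntimeException('VmRSS not readable; this check needs Linux /proc');
    }
    return (int) $m[1] * 1024;
}

ini_set('memory_limit', '64M');      // 67108864 bytes, the limit shown in the report's 7.4 output
libxml_use_internal_errors(true);    // <article> makes the libxml2 HTML parser emit warnings

$html   = '<html><article>Hello</article></html>';
$rssCap = 512 * 1024 * 1024;         // assumption: safety stop so the host is not exhausted
$keep   = [];                        // assumption: documents stay referenced, as in a registry

for ($i = 1; $i <= 100000; $i++) {
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();           // keep the collected-error buffer from growing
    $keep[] = $doc;

    if ($i % 5000 === 0) {
        $zend = memory_get_usage(true);   // bytes obtained through PHP's own allocator
        $rss  = rss_bytes();              // bytes resident for the process as a whole
        printf("%6d docs  zend=%6.1f MiB  rss=%6.1f MiB  untracked=%6.1f MiB\n",
            $i, $zend / 1048576, $rss / 1048576, max(0, $rss - $zend) / 1048576);
        if ($rss > $rssCap) {
            echo "RSS passed the safety cap while memory_limit did not trigger\n";
            exit(2);
        }
    }
}
echo "finished without reaching memory_limit or the RSS cap\n";
```

If rss keeps climbing while zend stays flat, the growth is in memory that memory_limit does not count, and an OS-level limit (ulimit -v or a cgroup memory limit) is the control that bounds it.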
 