PHP :: Bug #54866 :: incorrect accounting for realpath_cache_size
| Bug #54866 | incorrect accounting for realpath_cache_size | ||||
|---|---|---|---|---|---|
| Submitted: | 2011-05-19 22:04 UTC | Modified: | 2011-05-20 01:10 UTC | ||
| From: | dustin dot ward1 at gmail dot com | Assigned: | rasmus (profile) | ||
| Status: | Closed | Package: | *Directory/Filesystem functions | ||
| PHP Version: | 5.3.6 | OS: | Linux | ||
| Private report: | No | CVE-ID: | None | ||
[2011-05-19 22:04 UTC] dustin dot ward1 at gmail dot com
Description:
------------
When items are removed from the realpath_cache, if the path is the same as the
realpath, then the incorrect size is subtracted from realpath_cache_size.
This is due to the "realpath_cache_add" function. If the realpath and the path are
the same, then an optimization occurs where bucket->realpath is assigned to the
same location as bucket->path (so there's no copy being done). The size added to
realpath_cache_size takes this into account, but not when removing.
This can cause the size to be incorrect and also be negative.
I've submitted a patch and some test code.
Test script:
---------------
<?php
// set the ini options to more easily reproduce
// realpath_cache_ttl = 1
// realpath_cache_siz = 16K
for($i = 0; $i < 5000; $i++) {
file_put_contents("/tmp/foo-$i.txt", "");
clearstatcache(true, "/tmp/foo-$i.txt");
echo "$i - stat cache is: ".realpath_cache_size()."\n";
if(realpath_cache_size() < 0) {
print "Hit realpath_cache_size bug\n";
break;
}
}
// clean up created files
for ($x = 0; $x < $i; $x++) {
unlink("/tmp/foo-$x.txt");
}
Expected result:
----------------
If bug is present it should output 'Hit realpath_cache_size bug'
Patches
realpath_cache_accounting_bug (last revision 2011-05-19 20:05 UTC by dustin dot ward1 at gmail dot com)Pull Requests
History
AllCommentsChangesGit/SVN commits
[2011-05-20 01:10 UTC] rasmus@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: rasmus
[2011-05-20 01:10 UTC] rasmus@php.net