Home Original page

PHP :: Bug #71882 :: Negative ftruncate() on php://memory exhausts memory

Bug #71882 Negative ftruncate() on php://memory exhausts memory
Submitted: 2016-03-22 20:26 UTC Modified: 2016-08-29 15:57 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: miloslav dot hula at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Streams related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None

 [2016-03-22 20:26 UTC] miloslav dot hula at gmail dot com

Description:
------------
Calling ftruncate() with negative index on php://memory leads to memory exhaustion and fatal error.

https://3v4l.org/k720s

Test script:
---------------
<?php

$fd = fopen("php://memory", "w+");
ftruncate($fd, -1);

Expected result:
----------------
(nothing)

Actual result:
--------------
Fatal error: Out of memory (allocated 2097152) (tried to allocate 18446744073709551615 bytes) in /in/k720s on line 4

mmap() failed: [22] Invalid argument
mmap() failed: [22] Invalid argument

Process exited with code 255.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2016-06-21 21:10 UTC] cmb@php.net

-Status: Open +Status: Verified

 [2016-08-12 13:00 UTC] totszwai at gmail dot com

I am running into similar problem, but differently.
I am currently porting a php5.x extension to php7, the test cases ran fine in php5, and failed with the exact same errors shown here when it tries to allocate custom objects.

mmap() failed: [22] Invalid argument
mmap() failed: [22] Invalid argument
Fatal error: Out of memory (allocated 2097152) (tried to allocate 18446744073709551608 bytes)

This is perhaps, php7 related instead of "PHP version: Irrelevant"?

 [2016-08-29 15:55 UTC] cmb@php.net

@totszwai Yours is another issue, as <https://3v4l.org/k720s>
shows (which also exhibits this behavior under PHP 5), albeit
apparently also caused by a respective signed to unsigned
conversion. Please open another ticket, and supply a test script.

 [2016-08-29 15:57 UTC] cmb@php.net

-Assigned To: +Assigned To: cmb

 [2016-08-30 00:30 UTC] cmb@php.net

-Status: Verified +Status: Closed