On Thursday 20 May 2010 13:48:27 [email protected] wrote:
> the following script:
>
> # cat test.php
> <?php
> ini_set("memory_limit", "256M");
> echo "foobar\n";
> ?>
>
> executed on the command line with the following parameters
>
> # php5 --define memory_limit=-1 --define suhosin.memory_limit=0 test.php
>
> leads to this syslog warning:
>
> May 10 00:14:35 hilbert suhosin[8679]: ALERT - script tried to increase
> memory_limit to 268435456 bytes which is above the allowed value (attacker
> 'REMOTE_ADDR not set', file '/home/christoph/test.php', line 3)
>
>
> Suhosin should not warn because the script has the permission to use as
> much memory as it wants. The problem occurs with the same warning if I set
> memory_limit to -1 in php.ini

Citing Stefan Esser from irc:

the whole memory limit thing is bad anyway... initialising memory_limit to -1 
is just wrong... It abuses integer overflows etc...
[...]the fact that it abuses the -1 is a big unsigned number thingie

So I interpret that as "wontfix" by upstream.

With kind regards, Jan.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to