On Thursday 20 May 2010 13:48:27 [email protected] wrote: > the following script: > > # cat test.php > <?php > ini_set("memory_limit", "256M"); > echo "foobar\n"; > ?> > > executed on the command line with the following parameters > > # php5 --define memory_limit=-1 --define suhosin.memory_limit=0 test.php > > leads to this syslog warning: > > May 10 00:14:35 hilbert suhosin[8679]: ALERT - script tried to increase > memory_limit to 268435456 bytes which is above the allowed value (attacker > 'REMOTE_ADDR not set', file '/home/christoph/test.php', line 3) > > > Suhosin should not warn because the script has the permission to use as > much memory as it wants. The problem occurs with the same warning if I set > memory_limit to -1 in php.ini
Citing Stefan Esser from irc: the whole memory limit thing is bad anyway... initialising memory_limit to -1 is just wrong... It abuses integer overflows etc... [...]the fact that it abuses the -1 is a big unsigned number thingie So I interpret that as "wontfix" by upstream. With kind regards, Jan.
signature.asc
Description: This is a digitally signed message part.

