On Mon, Sep 25, 2023 at 10:49 AM Derick Rethans <der...@php.net> wrote:
>
> Hi,
>
> The Foundation is organising an external audit/security check of the PHP
> source code. As part of that, we would like to identify the places in
> the PHP source code where checking this will have the most impact.
>
> Typical areas would be where user input can be (automatically read) remotely,
> such as our RFC 1867 HTTP header parser. But we are sure there are other
> important areas as well, and we would like your input.
>
> So, if you can suggest an area where doing an external review would have
> high impact, please reply to this email.
>
> cheers,
> Derick
>
> --
> https://derickrethans.nl | https://xdebug.org | https://dram.io
>
> Author of Xdebug. Like it? Consider supporting me: https://xdebug.org/support
> Host of PHP Internals News: https://phpinternals.news
>
> mastodon: @derickr@phpc.social @xdebug@phpc.social
> twitter: @derickr and @xdebug
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>

Possibly the spl extension. Most of that memory lives outside of PHP
during runtime and is invisible to the engine, IIRC. Lots of people
put random user-input in the objects there.



Robert Landers
Software Engineer
Utrecht NL
