#47020 [NEW]: print_r produces output with $return set to true

Tue, 06 Jan 2009 06:05:26 -0800 

From:             kulminaator at gmail dot com
Operating system: Mac OS X 10.5.6
PHP version:      5.2.8
PHP Bug Type:     Scripting Engine problem
Bug description:  print_r produces output with $return set to true

Description:
------------
print_r creates output although it was not asked to

The code 

$str = print_r($expression, true);  

should never produce any output, but it does if php hits the memory limit
closely enough.

My memory_limit is set to 128M (may be this has to be the same to
reproduce the bug).

Needless to say, this is a security issue and may output information to
clients that never should go there by the code.

Reproduce code:
---------------
<?php
// php.ini has memory limit at  128M
$limit = (str_replace('M','',ini_get('memory_limit')))*1024*1024;
print "Memory limit is $limit bytes\n";
$data = str_repeat('x', $limit / 3 );
$x = print_r($data, true);

Expected result:
----------------
Out of memory error or no output at all.

Actual result:
--------------
The huge amount of x-es (xxxxxxxxxxxx about 40 million times) followed by


Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to
allocate 44739243 bytes) in /private/tmp/proof_of_concept.php on line 6

-- 
Edit bug report at http://bugs.php.net/?id=47020&edit=1
-- 
Try a CVS snapshot (PHP 5.2):        
http://bugs.php.net/fix.php?id=47020&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):        
http://bugs.php.net/fix.php?id=47020&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):        
http://bugs.php.net/fix.php?id=47020&r=trysnapshot60
Fixed in CVS:                        
http://bugs.php.net/fix.php?id=47020&r=fixedcvs
Fixed in CVS and need be documented: 
http://bugs.php.net/fix.php?id=47020&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=47020&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=47020&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=47020&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=47020&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=47020&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=47020&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=47020&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=47020&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=47020&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=47020&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=47020&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=47020&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=47020&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=47020&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=47020&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=47020&r=mysqlcfg

Reply via email to