ID: 47020
Updated by: [email protected]
Reported By: kulminaator at gmail dot com
-Status: Open
+Status: Bogus
Bug Type: Scripting Engine problem
Operating System: Mac OS X 10.5.6
PHP Version: 5.2.8
New Comment:
This has nothing to do with print_r(). Fix your php.ini not to output
errors.
Previous Comments:
------------------------------------------------------------------------
[2009-01-06 15:19:37] finsoft at gmail dot com
Same thing reproduced on PHP Version 5.2.6, Windows XP Pro SP3, Apache
2.2.8
------------------------------------------------------------------------
[2009-01-06 14:05:13] kulminaator at gmail dot com
Description:
------------
print_r creates output although it was not asked to
The code
$str = print_r($expression, true);
should never produce any output, but it does if php hits the memory
limit closely enough.
My memory_limit is set to 128M (may be this has to be the same to
reproduce the bug).
Needless to say, this is a security issue and may output information to
clients that never should go there by the code.
Reproduce code:
---------------
<?php
// php.ini has memory limit at 128M
$limit = (str_replace('M','',ini_get('memory_limit')))*1024*1024;
print "Memory limit is $limit bytes\n";
$data = str_repeat('x', $limit / 3 );
$x = print_r($data, true);
Expected result:
----------------
Out of memory error or no output at all.
Actual result:
--------------
The huge amount of x-es (xxxxxxxxxxxx about 40 million times) followed
by
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to
allocate 44739243 bytes) in /private/tmp/proof_of_concept.php on line 6
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=47020&edit=1
