From: bkfake-php at yahoo dot com
Operating system: Windows
PHP version: 5.4.6
Package: Output Control
Bug Type: Bug
Bug description:if user exceeds post_max_size, script may hang on output
Description:
------------
set post_max_size in php.ini to something relatively small (for easy
testing)
say 2M or 3M
upload_max_filesize setting does not matter...
though for practical reasons it should be smaller than
post_max_size
if posted data exceeds post_max_size... output seems to be limited to under
24500 - 33000 bytes (a modest amount of html) as soon as that unknown
amount is exceeded, the script "hangs"?
* next statement after the triggering echo (or print or file passthru,
etc) is not executed.
* headers not received by browser,
* max_execution_time not reached
* no errors generated (other than Warning "POST Content-Length of xxxx
bytes exceeds the limit of xxxx bytes in Unknown on line 0,")
firefox just sits spinning "Sending request to localhost..."
IE says waiting for....
Test script:
---------------
<?php
/**
* set post_max_size in php.ini to something relatively small (for easy
testing)
* say 2M or 3M
* upload_max_filesize setting does not matter...
* though for practical reasons it should be smaller than
post_max_size
*
* now using this script, upload a file that's over that limit.
*/
if ( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
/**
* change $output_length to trigger the bug
* on one system I tested, the magic number is 24506.. crashes at
24507
* on another the number is 32742.. crashes at 32743
* what limit am I encountering?
* this number appears to be arbitrary... varying by system and
* I think the scripts memory usage also affects how much may be
returned
* the number seems to remain static to that system..
* but if I change this script, the number may change
* (ie, changing the length of $repeat_str below)
*/
$output_length = 24593; // increase/decrease to
trigger/not-trigger the
bug
//
$repeat_str = 'Too much arbitrary output and this script will hang. Why
so?'."\n";
// even changing the length of $repeat_str seems to affect the total
amount that can be output
// perhaps due to change in memory usage?
header('Content-Length: '.$output_length); // adding/removing
headers does
not have any effect
$strlen_repeat_str = strlen($repeat_str);
// output $repeat_str until out $strlen_output = $output_length
$strlen_output = 0; // including closing div;
while ( $strlen_output < $output_length )
{
$diff = $output_length - $strlen_output;
if ( $diff >= $strlen_repeat_str )
{
$strlen_output += $strlen_repeat_str;
echo $repeat_str;
}
else
{
$strlen_output += $diff;
echo substr($repeat_str,0,$diff);
}
}
// when we go over $output_length, script seems to hang on echo
statement...
// headers not received by browser,
// max_execution_time not reached
// no errors generated (other than "PHP Warning localhost
POST
Content-Length of xxxx bytes exceeds the limit of xxxx bytes in Unknown on
line 0,")
// firefox just sits spinning "Sending request to localhost..."
// IE says waiting for....
}
else
{
echo 'uploading a file with a size over '.ini_get('post_max_size').' =
potential crash';
?>
<form enctype="multipart/form-data" action="" method="post" >
<input type="file" name="file" />
<input type="submit" value="submit me!" />
</form>
<?php
}
?>
Expected result:
----------------
initial file-upload form...
after submitting the response should be the string
"Too much arbitrary output and this script will hang. Why so?" repeated
400+times
Actual result:
--------------
script hangs -> nothing returned
--
Edit bug report at https://bugs.php.net/bug.php?id=62983&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=62983&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=62983&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=62983&r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=62983&r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=62983&r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=62983&r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=62983&r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=62983&r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=62983&r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=62983&r=support
Expected behavior:
https://bugs.php.net/fix.php?id=62983&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=62983&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=62983&r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=62983&r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=62983&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=62983&r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=62983&r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=62983&r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=62983&r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=62983&r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=62983&r=mysqlcfg
