From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4.0.4pl1
PHP Bug Type:     Reproduceable crash
Bug description:  disable_functions fopen Memory allocation crash

We configured PHP with fopen and all other file-related functions disabled 
(disable_functions = "fopen") on our Linux 2.2.16 machine with Apache 1.3.19.

If a file with fopen or any other file-related (and disabled) function is run, PHP does 
NOT simply refuse the execution of this function. It runs forever (or until the end of 
the max_execution_time setting) and allocates more and more memory. This results in a 
server crash within less than one minute because of memory shortage.

If you configure a very short max_execution_time (or stop the execution of the script 
with your browser manually after one second) the server does not crash immediately. 
However all memory allocated by the httpd process serving the script (many MBs per 
second!) is NOT released. So only a very short (fraction of a second) second execution 
of the script by the same httpd process will result in a server crash.

Sample script used (with add. syntax errors):

<!doctype html public "-//W3C//DTD HTML 4.0 //EN"> 
<html>
<head>
  <LINK REL=STYLESHEET TYPE="text/css" HREF="format.css">
  <title>Heutige Geburtstagsliste</title>
</head>
<body BGCOLOR="#FFFFFF" link="#7DA6B9" vlink="#7DA6B9" alink="#7DA6B9">
  <table border=0>
    <tr>
      <td width=15%>&nbsp;</td>
      <td width=60%>
        <table border=0 cellspacing="5" cellpadding="2">
          <caption align=top>
          <?php
            $today = date ("d. F");
            echo "<h3>$today</h3>";
          ?>
          </caption>

          <?php
            $month = date ("m");
            $day = date ("d");
            $fr = fopen($month . ".txt", "r");
            $hit = 0;
            while (!feof($fr))
            {
              $buffer = fgets($fr, 1024);
              if ($buffer != "")
              {
                list ($birthday, $name, $email) = split ('[#]', $buffer);
                if (substr($birthday, 0, 4) == date("dm"))
                {
                  $hit = 1;
                  echo "<tr bgcolor=\"#94B5C6\">";
                  echo "<td class=\"text\" width=\"50\">";
                  printf (substr($birthday, 4, 4));
                  echo "</td>";
                  echo "<td class=\"text\" width=\"200\">$name</td>";
                  echo "<td width=\"200\"><a class=\"link\" href=mailto:$email>$email</a></td></tr>";
                }
              }
            }
            if ($hit == 0)
            {
              echo "<tr><td colspan=\"3\" class=\"text\">Es sind für den heutigen Tag keine Einträge vorhanden!</td></tr>";
            }

            fclose ($fr);
          ?>

  </table>
</body>
</html>

php.ini:

engine          =       On
short_open_tag  =       On 
precision       =       5
output_buffering =      Off

expose_php      =       Off
allow_url_fopen =       Off
asp_tags        =       On
display_errors  =       On
doc_root        =       "."
open_basedir    =       "."
include_path    =       "."
magic_quotes_gpc =      On
magic_quotes_runtime =  On
max_execution_time =    5
memory_limit    =       314000
register_globals =      On
file_uploads    =       0
post_max_size   =       300K
safe_mode       =       On
safe_mode_exec_dir =    "."
enable_dl       =       Off


;; EXTENSION LOADING
extension_dir   =       /usr/lib/php4

;; Global PHP defaults

warn_plus_overloading   =       On      ; warn if the + operator is used with strings
track_errors            =       On      ; Store the last error/warning message in $php_errormsg (boolean)
track_vars              =       On      ; 
include_path    = ".:/usr/share/php"
disable_functions="fopen,fpassthru,fputs,fread,fscanf,fseek,fstat,ftell,ftruncate,fwrite"




-- 
Edit Bug report at: http://bugs.php.net/?id=10042&edit=1
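
The guard that the sample script's read loop lacks, as an added example (not part of the original report and not PHP's own code): the PHP manual warns that feof() on an invalid file pointer can loop forever, so the loop below is entered only with a verified handle and ends when fgets() returns false. The names `is_callable_here()` and `birthdays_for()` and the `DDMM....#name#email` line layout are assumptions inferred from the sample script.

```php
<?php
// Added example, not from the report. Function names and the
// "DDMM....#name#email" line layout are assumptions.

/** True when $fn can be called under the current disable_functions setting. */
function is_callable_here(string $fn): bool
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    // PHP 8 removes disabled functions from the function table; older versions
    // keep a stub that warns and returns NULL, so check both.
    return function_exists($fn) && !in_array($fn, $disabled, true);
}

function birthdays_for(string $path, string $ddmm): array
{
    foreach (['fopen', 'fgets', 'fclose'] as $fn) {
        if (!is_callable_here($fn)) {
            throw new RuntimeException("$fn() is disabled by configuration");
        }
    }
    $fr = @fopen($path, 'r');
    if (!is_resource($fr)) {   // never enter the loop without a valid handle
        throw new RuntimeException("cannot open $path");
    }
    $hits = [];
    try {
        // Loop on fgets() instead of !feof() so a read error also ends the loop.
        while (($buffer = fgets($fr, 1024)) !== false) {
            $fields = explode('#', rtrim($buffer, "\r\n"));
            if (count($fields) === 3 && substr($fields[0], 0, 4) === $ddmm) {
                $hits[] = ['rest' => substr($fields[0], 4, 4), 'name' => $fields[1], 'email' => $fields[2]];
            }
        }
    } finally {
        fclose($fr);
    }
    return $hits;
}

// Constructed sample data, written to a temporary file so the example runs offline.
$tmp = tempnam(sys_get_temp_dir(), 'bd');
file_put_contents($tmp, "01011970#Alice Example#alice@example.org\n02021980#Bob Example#bob@example.org\n");
try {
    print_r(birthdays_for($tmp, '0101'));   // one entry: Alice Example
} catch (RuntimeException $e) {
    error_log($e->getMessage());            // disabled function or unreadable file
} finally {
    unlink($tmp);
}
```
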



-- 
PHP Development Mailing List <http://www.php.net/>