Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ME:
- Consider the following:
- <?
- session_start();
- print "<pre>"; print_r($_SESSION); print "</pre>";
- $x = "YYYYYYYY";
- $date = date("%c");
- $_SESSION['before'] = $date;
- $count = 0 + $_GET['count'];
- for ($i = 0; $i < $count; $i++) {
- $x = $x . "XXXXXXXXXXXXXXXXXXx";
- $var[$i] = $x;
- if ($i % 10 == 0)
- print "$i " . memory_get_usage() . "\n";
- }
- $_SESSION['after'] = $date;
- ?>
- On a webserver call this function with "memory.php?count=1000". On your next reload, "before" and "after" will have the same value, as they should.
- Try with "memory.php?count=10000" which can take out most (all?) normal setups. After memory is exhausted, the session is still written to disk, but we were partially though the function. There seems to way in the language to prepare any kind of "critical section" where things are either entirely done or not done at all (such as by disabling the session_save_path() to /dev/null and then changing it back at the end).
- HIM:
- Are you sure it crashes? Or did you get a memory limit (input vars) error?
- Can you enable the error log and check what happens? Or simply
- display_erros on (and show source if you get a white page) :)
- Cheers,
- ME:
- Running from a command prompt I get something like this:
- PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 133957984 bytes) in /home/weberdan/memory.php on line 11
- Although I needed to futz around with sessions a bit when using it from the command line.
- I also get the same error on the web page with display_errors turned to on.
- In some scripts the memory usage is something that the user may be able to control, allowing a malicious user to be able to interrupt the program at a place of her choosing, and then the broken state would be written to disk and available on the next page load.
- HIM:
- hi!
- On Wed, Aug 7, 2013 at 5:52 PM, Dan Weber <weberdan@gmail.com> wrote:
- > Running from a command prompt I get something like this:
- >
- > PHP Fatal error: Allowed memory size of 134217728 bytes exhausted
- > (tried to allocate 133957984 bytes) in /home/weberdan/memory.php on line 11
- >
- > Although I needed to futz around with sessions a bit when using it from the
- > command line.
- >
- > I also get the same error on the web page with display_errors turned to on.
- >
- > In some scripts the memory usage is something that the user may be able to
- > control, allowing a malicious user to be able to interrupt the program at a
- > place of her choosing, and then the broken state would be written to disk
- > and available on the next page load.
- So there is no bug per se here, security related or normal bug.
- Increase or disable the memory limit to solve this problem.
- Cheers,
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement