ID: 42663 User updated by: arnaud dot lb at gmail dot com Reported By: arnaud dot lb at gmail dot com Status: Open Bug Type: Zlib Related Operating System: Linux 2.6 PHP Version: 5.2.4 New Comment:
I wrote a testcase for this bug: http://s3.amazonaws.com/arnaud.lb/gzinflate-bug42663.phpt.txt Previous Comments: ------------------------------------------------------------------------ [2007-09-16 17:43:11] arnaud dot lb at gmail dot com It works with any compressed data if you truncate it. The yuicompressor-1.0.zip file used for this example can be found here: http://www.julienlecomte.net/yuicompressor/yuicompressor-1.0.zip ------------------------------------------------------------------------ [2007-09-16 14:52:47] [EMAIL PROTECTED] Can you please provide a URL to the file with corrupted data. ------------------------------------------------------------------------ [2007-09-13 18:33:23] arnaud dot lb at gmail dot com Example code in a more readable format: <?php ini_set('memory_limit', -1); // compressing a ~1.6MB file with gzdeflate() $data = gzdeflate(file_get_contents("/home/noch/yuicompressor-1.0.zip"), 9); echo "Compressed length: " . strlen($data) . "\n"; // gzinflate() works with original $data gzinflate($data); // Truncating compressed $data $data = substr($data, 0, 65535); echo "Truncated length: " . strlen($data) . "\n"; // Bug is here: gzinflate($data); ?> ------------------------------------------------------------------------ [2007-09-13 18:28:28] arnaud dot lb at gmail dot com Description: ------------ gzinflate() try to allocate all memory with truncated $data: Fatal error: Out of memory (allocated 1074003968) (tried to allocate 2147450880 bytes) in Command line code on line 1 Zlib version: 1.2.3.3 Reproduce code: --------------- /tmp/php-5.2.4$ ./configure --disable-all --enable-cli --with-zlib && make -j4 /tmp/php-5.2.4$ sapi/cli/php -d memory_limit=-1 -r '$data = gzdeflate(file_get_contents("/tmp/yuicompressor-1.0.zip"), 9); echo "Compressed length: " . strlen($data) . "\n"; gzinflate($data); $data = substr($data, 0, 65535); echo "Truncated length: " . strlen($data) . "\n"; gzinflate($data);' Expected result: ---------------- gzinflate() should return FALSE, without eating all memory Actual result: -------------- Fatal error: Out of memory (allocated 1074003968) (tried to allocate 2147450880 bytes) in Command line code on line 1 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42663&edit=1
