From:             aragon at phat dot za dot net
Operating system: FreeBSD 7.0-STABLE
PHP version:      5.2.6
PHP Bug Type:     *XML functions
Bug description:  wddx_serialize_value crash with SimpleXMLElement object

Description:
------------
If wddx_serialize_value is called on a SimpleXMLElement object that has at
least one child, the PHP script enters an infinite loop consuming full CPU
and allocating memory until the memory size limit is reached, after which
the script dies.


Reproduce code:
---------------
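<?php

$xml = new SimpleXMLElement('<data></data>');
$xml->addChild('test');                         // at least one child is needed to trigger the loop
echo wddx_serialize_value($xml, 'Variables');   // never returns; memory grows until memory_limit
echo 'hello world';                             // never reached

?>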


Expected result:
----------------
To see the WDDX output and 'hello world' :)

Actual result:
--------------
Potential DoS against web server and this log entry:

[Sun Aug 24 06:44:19 2008] [error] [client 127.0.0.1] PHP Fatal error: 
Allowed memory size of 134217728 bytes exhausted (tried to allocate
133955606 bytes) in /usr/home/aragon/dev/admin.infinite/test.php on line 5


-- 
Edit bug report at http://bugs.php.net/?id=45901&edit=1
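
A triage sketch for the log signature in the report above, added here as an example and not part of the original bug report: it scans an Apache error log for PHP memory-exhaustion fatals and flags call sites that recur or that ask for most of memory_limit in a single allocation. The thresholds, the function name and every sample line except the first (taken from the report) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Apache 2.2-style error_log line carrying PHP's memory-exhaustion fatal error.
FATAL = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"PHP Fatal error:\s+Allowed memory size of (?P<limit>\d+) bytes exhausted "
    r"\(tried to allocate (?P<req>\d+) bytes\) in (?P<script>\S+) on line (?P<line>\d+)"
)

# First entry is the report's log line joined onto one line; the rest are constructed.
SAMPLE = [
    "[Sun Aug 24 06:44:19 2008] [error] [client 127.0.0.1] PHP Fatal error: "
    "Allowed memory size of 134217728 bytes exhausted (tried to allocate "
    "133955606 bytes) in /usr/home/aragon/dev/admin.infinite/test.php on line 5",
    "[Sun Aug 24 06:45:02 2008] [error] [client 192.0.2.10] PHP Fatal error: "
    "Allowed memory size of 134217728 bytes exhausted (tried to allocate "
    "72 bytes) in /var/www/report.php on line 40",
    "[Sun Aug 24 06:45:09 2008] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/favicon.ico",
]

def memory_exhaustions(lines, min_hits=2, big_ratio=0.5):
    """Group memory-exhaustion fatals by (script, line); return the suspect sites.
    A site is suspect if it recurs min_hits times or one allocation request
    exceeded big_ratio of memory_limit (assumed heuristic thresholds)."""
    sites = defaultdict(lambda: {"hits": 0, "clients": set(), "max_ratio": 0.0})
    for raw in lines:
        m = FATAL.search(" ".join(raw.split()))  # tolerate wrapped or padded lines
        if not m:
            continue
        s = sites[(m["script"], int(m["line"]))]
        s["hits"] += 1
        s["clients"].add(m["client"])
        s["max_ratio"] = max(s["max_ratio"], int(m["req"]) / int(m["limit"]))
    return {
        site: s for site, s in sites.items()
        if s["hits"] >= min_hits or s["max_ratio"] > big_ratio
    }

if __name__ == "__main__":
    for (script, line), s in memory_exhaustions(SAMPLE).items():
        print(f"{script}:{line} hits={s['hits']} max_ratio={s['max_ratio']:.3f}")
```
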