Edit report at https://bugs.php.net/bug.php?id=62983&edit=1
ID: 62983 Updated by: php-bugs@lists.php.net Reported by: bkfake-php at yahoo dot com Summary: if user exceeds post_max_size, script may hang on output -Status: Feedback +Status: No Feedback Type: Bug Package: Output Control Operating System: Windows PHP Version: 5.4.6 New Comment: No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. Previous Comments: ------------------------------------------------------------------------ [2013-02-02 23:37:59] jan at lanteraudio dot nl Using Apache 2.2 PHP 5.3.5 win xp pro sp3 FF16 Same problem Very simple script, as soon as uploaded file size exceeds post_max_size script stops executing, no error message, so no way to inform users they input a too big file. ------------------------------------------------------------------------ [2012-08-31 18:00:48] bkfake-php at yahoo dot com Apache 2.2 My apologies if I incorrectly categorized this finding under "Output Control" ------------------------------------------------------------------------ [2012-08-31 16:27:02] larue...@php.net are you using builtin webserver? ------------------------------------------------------------------------ [2012-08-31 15:13:14] bkfake-php at yahoo dot com Description: ------------ set post_max_size in php.ini to something relatively small (for easy testing) say 2M or 3M upload_max_filesize setting does not matter... though for practical reasons it should be smaller than post_max_size if posted data exceeds post_max_size... output seems to be limited to under 24500 - 33000 bytes (a modest amount of html) as soon as that unknown amount is exceeded, the script "hangs"? * next statement after the triggering echo (or print or file passthru, etc) is not executed. * headers not received by browser, * max_execution_time not reached * no errors generated (other than Warning "POST Content-Length of xxxx bytes exceeds the limit of xxxx bytes in Unknown on line 0,") firefox just sits spinning "Sending request to localhost..." IE says waiting for.... Test script: --------------- <?php /** * set post_max_size in php.ini to something relatively small (for easy testing) * say 2M or 3M * upload_max_filesize setting does not matter... * though for practical reasons it should be smaller than post_max_size * * now using this script, upload a file that's over that limit. */ if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) { /** * change $output_length to trigger the bug * on one system I tested, the magic number is 24506.. crashes at 24507 * on another the number is 32742.. crashes at 32743 * what limit am I encountering? * this number appears to be arbitrary... varying by system and * I think the scripts memory usage also affects how much may be returned * the number seems to remain static to that system.. * but if I change this script, the number may change * (ie, changing the length of $repeat_str below) */ $output_length = 24593; // increase/decrease to trigger/not-trigger the bug // $repeat_str = 'Too much arbitrary output and this script will hang. Why so?'."\n"; // even changing the length of $repeat_str seems to affect the total amount that can be output // perhaps due to change in memory usage? header('Content-Length: '.$output_length); // adding/removing headers does not have any effect $strlen_repeat_str = strlen($repeat_str); // output $repeat_str until out $strlen_output = $output_length $strlen_output = 0; // including closing div; while ( $strlen_output < $output_length ) { $diff = $output_length - $strlen_output; if ( $diff >= $strlen_repeat_str ) { $strlen_output += $strlen_repeat_str; echo $repeat_str; } else { $strlen_output += $diff; echo substr($repeat_str,0,$diff); } } // when we go over $output_length, script seems to hang on echo statement... // headers not received by browser, // max_execution_time not reached // no errors generated (other than "PHP Warning localhost POST Content-Length of xxxx bytes exceeds the limit of xxxx bytes in Unknown on line 0,") // firefox just sits spinning "Sending request to localhost..." // IE says waiting for.... } else { echo 'uploading a file with a size over '.ini_get('post_max_size').' = potential crash'; ?> <form enctype="multipart/form-data" action="" method="post" > <input type="file" name="file" /> <input type="submit" value="submit me!" /> </form> <?php } ?> Expected result: ---------------- initial file-upload form... after submitting the response should be the string "Too much arbitrary output and this script will hang. Why so?" repeated 400+times Actual result: -------------- script hangs -> nothing returned ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=62983&edit=1