diff options
author | Adam Seitz <adamjseitz@gmail.com> | 2020-12-02 00:40:16 +0100 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-12-23 13:49:56 +0100 |
commit | 70dfbe00684eb1c31d5b49f643e4736696c3b7df (patch) | |
tree | 3e43f4d84fff8ea5c71fbf429ca4ce625119d138 | |
parent | b043759cb42b33e02359ca1c30d8d5b68d8a015e (diff) | |
download | php-git-70dfbe00684eb1c31d5b49f643e4736696c3b7df.tar.gz |
Fix #80384: limit read buffer size
In the case of a stream with no filters, php_stream_fill_read_buffer
only reads stream->chunk_size into the read buffer. If the stream has
filters attached, it could unnecessarily buffer a large amount of data.
With this change, php_stream_fill_read_buffer only proceeds until either
the requested size or stream->chunk_size is available in the read buffer.
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-6444.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/standard/tests/streams/bug79984.phpt | 2 | ||||
-rw-r--r-- | main/streams/streams.c | 3 | ||||
-rw-r--r-- | tests/basic/bug80384.phpt | 28 |
4 files changed, 33 insertions, 2 deletions
@@ -4,6 +4,8 @@ PHP NEWS - Core: . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita) + . Fixed bug #80384 (filter buffers entire read until file closed). (Adam + Seitz, cmb) - Date: . Fixed bug #80376 (last day of the month causes runway cpu usage. (Derick) diff --git a/ext/standard/tests/streams/bug79984.phpt b/ext/standard/tests/streams/bug79984.phpt index 7126458fff..3a7eca091a 100644 --- a/ext/standard/tests/streams/bug79984.phpt +++ b/ext/standard/tests/streams/bug79984.phpt @@ -52,6 +52,6 @@ fclose($f2); --EXPECT-- filter onCreate filtered 8192 bytes. -filtered 128 bytes and closing. +filtered 128 bytes and closing. Stream has reached end-of-file. int(8320) filter onClose diff --git a/main/streams/streams.c b/main/streams/streams.c index ab413872e0..5f6bf88aa9 100644 --- a/main/streams/streams.c +++ b/main/streams/streams.c @@ -542,6 +542,7 @@ PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size) /* allocate/fill the buffer */ if (stream->readfilters.head) { + size_t to_read_now = MIN(size, stream->chunk_size); char *chunk_buf; php_stream_bucket_brigade brig_in = { NULL, NULL }, brig_out = { NULL, NULL }; php_stream_bucket_brigade *brig_inp = &brig_in, *brig_outp = &brig_out, *brig_swap; @@ -549,7 +550,7 @@ PHPAPI int _php_stream_fill_read_buffer(php_stream *stream, size_t size) /* allocate a buffer for reading chunks */ chunk_buf = emalloc(stream->chunk_size); - while (!stream->eof && (stream->writepos - stream->readpos < (zend_off_t)size)) { + while (!stream->eof && (stream->writepos - stream->readpos < (zend_off_t)to_read_now)) { ssize_t justread = 0; int flags; php_stream_bucket *bucket; diff --git a/tests/basic/bug80384.phpt b/tests/basic/bug80384.phpt new file mode 100644 index 0000000000..cf30e8601b --- /dev/null +++ b/tests/basic/bug80384.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #80384 large reads cause filters to internally buffer large amounts of memory +--FILE-- +<?php +/* First, create a file to read */ +$tmp_filename = __DIR__ . "/bug80384.tmp"; +$fp = fopen($tmp_filename, 'w'); +for ($i=0; $i<1024; $i++) { + fwrite($fp, str_repeat('ABCDEFGH', 1024)); +} +fclose($fp); + +/* Stream the file through a filter */ +$fp = fopen($tmp_filename, 'r'); +$filter = stream_filter_append($fp, "string.rot13"); + +$mem_start = memory_get_usage(); +fread($fp, 8 * 1024 * 1024); +$mem_final = memory_get_usage(); +fclose($fp); +var_dump($mem_final - $mem_start < 32768); +?> +--CLEAN-- +<?php +unlink(__DIR__ . "/bug80384.tmp"); +?> +--EXPECT-- +bool(true) |