Edit report at https://bugs.php.net/bug.php?id=60256&edit=1
ID: 60256
User updated by: andreas dot ringlstetter at gmail dot com
Reported by: andreas dot ringlstetter at gmail dot com
Summary: 64kB memory leak in exec() and related functions
-Status: Feedback
+Status: Open
Type: Bug
Package: Program Execution
Operating System: Windows XP SP3 32bit
PHP Version: 5.3.8
Block user comment: N
Private report: N

New Comment:

I can't reproduce the bug on Windows 7 either, but it looks much like the memory leak is caused by the antivirus software running on the same machine (McAfee with active IPS, on-access scan and software firewall).

However, disabling those services is not an option, since every other script engine (tested perl, python, vbs and even java on this machine) is unaffected and those services are enforced by company guideline. This leads to the conclusion that there must be something about the way PHP starts or ends processes in Windows.

Bug #42602 was only "fixed" by deactivating the software firewall on that system, but that is no solution on production systems. Also, this means that this bug has existed at least since 2007.

This bug therefore causes a DoS vulnerability in any PHP application which makes use of exec() and is running on a Windows XP machine with McAfee as IPS solution; possibly other IPS solutions are also affected.

Previous Comments:
------------------------------------------------------------------------
[2011-11-11 00:51:01] cataphr...@php.net

I can't reproduce in Windows 7 64-bit (32-bit binaries). Are you able to test this on this OS?

------------------------------------------------------------------------
[2011-11-10 13:42:12] andreas dot ringlstetter at gmail dot com

Description:
------------
For each call to exec(), system(), popen() or proc_open(), Windows will show an increase of 64kB in total committed memory. Those 64kB don't add to the memory committed by PHP and Windows won't free the memory when the PHP process terminates. The memory will only be freed when the user closes the Windows session.

Repeated calls (depending on your system memory somewhere around 10-50.000 calls) to those functions will render the system unable to start new threads and cause the Windows kernel to force a reboot.

This was confirmed on 3 independent machines.

This problem occurs both in cli mode and with mod_php as Apache module. This problem even occurs when proc_open is used with the "bypass_shell" option.

The problem appears similar to #42602, but every other script engine does just fine on this machine, so it must somehow be related to the way PHP starts processes in Windows.

Test script:
---------------
<?php
// 1000 calls = 1000 * 64kB = 64MB memory leak
for ($i = 0; $i < 1000; $i++) {
    exec("who"); // Or any other command of your choice
    if ($i % 100 == 0) {
        // Memory in use by PHP itself: shows constant amount
        echo memory_get_usage() . "\r\n";
        // Memory allocated from the system by PHP: also constant
        echo memory_get_usage(true) . "\r\n";
    }
}

Expected result:
----------------
The amount of committed memory of the system should go back to normal when the PHP process and all started child processes terminate.

Actual result:
--------------
For each call of exec(), an additional 64kB of memory will be committed, although Windows claims that this memory is not assigned to any process. This memory will only be freed when the Windows session is closed.

------------------------------------------------------------------------

--
Edit this bug report at https://bugs.php.net/bug.php?id=60256&edit=1