Bug #62983 [Com]: if user exceeds post_max_size, script may hang on output

[jan at lanteraudio dot nl]

Edit report at https://bugs.php.net/bug.php?id=62983&edit=1

 ID:                 62983
 Comment by:         jan at lanteraudio dot nl
 Reported by:        bkfake-php at yahoo dot com
 Summary:            if user exceeds post_max_size, script may hang on
                     output
 Status:             Feedback
 Type:               Bug
 Package:            Output Control
 Operating System:   Windows
 PHP Version:        5.4.6
 Block user comment: N
 Private report:     N

 New Comment:

Using Apache 2.2 PHP 5.3.5 win xp pro sp3 FF16
Same problem
Very simple script, as soon as uploaded file size exceeds post_max_size script 
stops executing, no error message, so no way to inform users they input a too 
big file.


Previous Comments:
------------------------------------------------------------------------
[2012-08-31 18:00:48] bkfake-php at yahoo dot com

Apache 2.2

My apologies if I incorrectly categorized this finding under "Output Control"

------------------------------------------------------------------------
[2012-08-31 16:27:02] larue...@php.net

are you using builtin webserver?

------------------------------------------------------------------------
[2012-08-31 15:13:14] bkfake-php at yahoo dot com

Description:
------------
set post_max_size  in php.ini to something relatively small (for easy testing)
  say 2M or 3M
  upload_max_filesize setting does not matter...
       though for practical reasons it should be smaller than post_max_size

if posted data exceeds post_max_size... output seems to be limited to under 
24500 - 33000 bytes  (a modest amount of html)     as soon as that unknown 
amount is exceeded, the script "hangs"?

*  next statement after the triggering echo (or print or file passthru, etc) is 
not executed.
*  headers not received by browser,
*  max_execution_time not reached
*  no errors generated (other than Warning "POST Content-Length of xxxx bytes 
exceeds the limit of xxxx bytes in Unknown on line 0,")

firefox just sits spinning "Sending request to localhost..."
IE says waiting for....


Test script:
---------------
<?php

/**
 * set post_max_size  in php.ini to something relatively small (for easy 
testing)
 *   say 2M or 3M
 *   upload_max_filesize setting does not matter...
 *       though for practical reasons it should be smaller than post_max_size
 *
 *   now using this script, upload a file that's over that limit.
 */

if ( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
        /**
         * change $output_length to trigger the bug
         *   on one system I tested, the magic number is 24506.. crashes at 
24507
         *   on another the number is 32742.. crashes at 32743
         *   what limit am I encountering?
         *   this number appears to be arbitrary... varying by system and
         *     I think the scripts memory usage also affects how much may be 
returned
         *     the number seems to remain static to that system..
         *     but if I change this script, the number may change
         *       (ie, changing the length of $repeat_str below)
         */
        $output_length = 24593;         // increase/decrease to 
trigger/not-trigger the bug
        //
        $repeat_str = 'Too much arbitrary output and this script will hang.  
Why so?'."\n";
        // even changing the length of $repeat_str seems to affect the total 
amount that can be output
        //     perhaps due to change in memory usage?
        header('Content-Length: '.$output_length);      // adding/removing 
headers does not have any effect
        $strlen_repeat_str = strlen($repeat_str);
        // output $repeat_str until out $strlen_output = $output_length
        $strlen_output = 0;     // including closing div;
        while ( $strlen_output < $output_length )
        {
                $diff = $output_length - $strlen_output;
                if ( $diff >= $strlen_repeat_str )
                {
                        $strlen_output += $strlen_repeat_str;
                        echo $repeat_str;
                }
                else
                {
                        $strlen_output += $diff;
                        echo substr($repeat_str,0,$diff);
                }
        }
        // when we go over $output_length,  script seems to hang on echo 
statement...
        //   headers not received by browser,
        //   max_execution_time not reached
        //   no errors generated (other than "PHP Warning       localhost       
POST Content-Length of xxxx bytes exceeds the limit of xxxx bytes in Unknown on 
line 0,")
        //  firefox just sits spinning "Sending request to localhost..."
        //  IE says waiting for....
}
else
{
        echo 'uploading a file with a size over '.ini_get('post_max_size').' = 
potential crash';
        ?>
        <form enctype="multipart/form-data" action="" method="post" >
                <input type="file" name="file" />
                <input type="submit" value="submit me!" />
        </form>
        <?php
}

?>

Expected result:
----------------
initial file-upload form...

after submitting the response should be the string 
"Too much arbitrary output and this script will hang.  Why so?"  repeated 
400+times

Actual result:
--------------
script hangs -> nothing returned



------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62983&edit=1