Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A piece of code in PHP that bypasses memory limits and causes memory leak. Works on the latest php7.4 and php8.0 as of 26.12.2020
<?php
ini_set('memory_limit', '1M');
echo 'PHP7.4/PHP8.0 memory leak' . PHP_EOL;
echo 'Memory limit: ' . ini_get('memory_limit') . PHP_EOL;
echo 'PHP version ' . phpversion() . PHP_EOL;
// This code fragment triggers memory allocation error (as expected)
for ($i = 0; $i < 100000000; $i++) {
$arr[] = [$i => 'string-'. $i];
}
// This code fragment bypasses memory limit and causes memory leak
// Looks like some sort of vulnerability in XML module
$sitemapDoc = new DOMDocument('1.0', 'UTF-8');
$loc = htmlspecialchars('https://example.com/url/path/', ENT_QUOTES, 'UTF-8');
for ($i = 0; $i < 100000000; $i++) {
$urlEl = $sitemapDoc->createElement('url');
$urlEl->appendChild($sitemapDoc->createElement('loc', $loc));
$sitemapDoc->appendChild($urlEl);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment