[php-maint] Bug#450581: Bug#450581: libapache2-mod-php5: ob_start (with gzhandler?) takes 100% mem+swap within a few seconds

Ondřej Surý ondrej at sury.org
Thu Nov 8 13:45:42 UTC 2007

severity 450581 normal
thank you

It's normal bug in php.  Certainly not critical.  Linux systems has
several ways how to prevent processes eating all the available memory.

For the record:

Finally I found out what it was AND it was / is (using this script) a
major flaw in the (gz) output handler; a user on the server uses in his

ob_start("ob_gzhandler", 9);



If something() generates a certain amounts of data, the ob_gzhandler
will get stuck in a loop, eating all memory. 

In the user his particular case, because his database was not working,
some pages always have this 'magic size' (probably some factor of 9 in
this case). 

I tried this on the latest stable of PHP 5 and the bug is still there;
you can crash any php hosting machine on the net with this :(

As to prevent this kind of thing from happening, I put the following
code on the machines; 



while(1) {
  @r=`ps auxwhww|awk '{print \$4,\$2,\$11,\$12,\$13,\$15}'|grep httpd-users|grep -v grep`;
  foreach(@r) {
   /(.*?)\ (.*?)\ (.*)/;
   if ($1>$maxmem) {
    print "$_ killed\n";
    `kill -9 $2`;
  sleep 1;

Update: Only PHP5.x is affected, not lower (tested); didn't try higher.
I have code to reproduce it every run.

tluyben píše v Čt 08. 11. 2007 v 11:42 +0100:
> Package: libapache2-mod-php5
> Version: 5.x
> Severity: critical
> Justification: breaks the whole system
> More info; 
> http://brainfish-eat-fishbrain.blogspot.com/2007/11/checking-what-is-eating-your-memory_08.html
> -- System Information:
> Debian Release: 4.0
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-3-686-bigmem
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
Ondřej Surý <ondrej at sury.org>  ***  http://blog.rfc1925.org/
Kulturní občasník              ***  http://www.obcasnik.cz/
Nehoupat, prosím               ***  http://nehoupat.blogspot.com/

More information about the pkg-php-maint mailing list