PHP bug...? Topic is solved

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
SLotman

PHP bug...?

Unread post by SLotman » 2017-08-07, 06:41

I honestly don't know if this is a bug with Pale Moon, something that happens across all browsers or what. But I did something REALLY BAD today.

I was coding in PHP - a simple routine to read a CSV file and display its contents on screen. I did just this:

Code: Select all

while (($data = fgetcsv($handle, 0, ",")) !== FALSE) { echo $data[0] . '-' . $data[1]; } 
fclose($handle);
The thing is: I completely forgot to first OPEN the file with fopen, so $handle was probably NULL.

Pale Moon went nuts with this, "retrieving" data nonstop from the server, to the point of completely making my laptop unresponsive. I had to SHUT IT DOWN (the computer!) because I couldn't even move the mouse. ctrl+shift+esc, ctrl+alt+del and even Windows+X wouldn't respond.

The server, I think is on PHP 5.6, if that helps in any way.
Is this a bug? Shouldn't something like this just show a NULL error or something on PHP?

SLotman

Re: PHP bug...?

Unread post by SLotman » 2017-08-07, 06:51

Just did a quick Google search, and first result... (look at the first comment!)
It is a PHP bug! (Don't know if newer versions fixed this...)

https://bugs.php.net/bug.php?id=49708&edit=3

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: PHP bug...?

Unread post by Moonchild » 2017-08-07, 08:24

It would be a PHP bug, indeed. The browser/client can only respond to what it's been fed, and if that's a constant stream of garbage data, then it may result in a client denial of service situation as the browser will do its best to make sense of it.

According to the PHP bug linked to, the documentation for it is wrong and it will never return "false", but will return "null" instead. Your while loop will therefore never exit and it will keep endlessly feeding garbage to the browser.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

RJARRRPCGP
Lunatic
Lunatic
Posts: 400
Joined: 2015-06-22, 19:48
Location: USA (North Springfield, Vermont)
Contact:

Re: PHP bug...?

Unread post by RJARRRPCGP » 2017-08-07, 15:42

Looks like we found an exploit! :o

I would be worried about a DoS kernel exploit (or other system component-related) that causes folks to lose control of their system and forced to hold the power button and risk file corruption...

I smell a system update coming... :(

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: PHP bug...?

Unread post by Moonchild » 2017-08-07, 15:44

Whut?
This isn't exploitable. It's garbage in, garbage out.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

SLotman

Re: PHP bug...?

Unread post by SLotman » 2017-08-08, 07:39

Isn't there anything that can be done to prevent that? (I mean: Pale Moon taking so much resources it will take the whole OS down?)
Something like the same that happens with Javascript ("This script is taking too long..."), but for a page ("This page is taking too many resources...?")

I know its something way out of what a browser should implement - but imagine people doing something like that on purpose to crash other's computers... O_o

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: PHP bug...?

Unread post by Moonchild » 2017-08-08, 08:47

It shouldn't take the whole OS down. Pale Moon is just a normal application -- if it takes the entire OS down then that's a problem with the OS.
Out of curiosity: which Windows version are we talking about?

As to catching something like this... that's notoriously difficult. You don't want the browser to abort when a legitimate page is just busy for a few seconds, for example, or when it requests a large amount of memory (most web apps would break)...
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

SLotman

Re: PHP bug...?

Unread post by SLotman » 2017-08-09, 21:10

The OS: Windows 8 Pro.

I imagine it would be something quite hard to "block" correctly (other than in the OS level), indeed :/
At least, It was the first time, in a long, long time that I saw this machine crashing...

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35477
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: PHP bug...?

Unread post by Moonchild » 2017-08-09, 22:58

Windows 8 is notorious for locking up due to networking. I can't really say I'm surprised there.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked