Running PHP Version 7.1.30 under RHEL 7.7.
I’m wanting to bump memory_limit, but wasn’t sure if I had the syntax right (i.e. 256M or 256MB). So to start with I put a bad value “Hugo” in as the memory_limit setting. The trouble with this is the result of phpinfo() (run under httpd) literally has the string “Hugo” in place, i.e.:
So this has me somewhat concerned that PHP doesn’t actually do any sanity checking for the value(s). (If the value provided was bad I would expect it to revert to a default, e.g.)
Can anyone comment on this – in particular, how do you know whether PHP will be enforcing things (if an arbitary string can be provided).
Advertisement
Answer
The confusing thing here is that the setting looks like an integer with some special syntax, but is internally defined as a string. The string is then parsed into a separate global variable whenever the value is changed. Crucially, the result of parsing the string to an integer isn’t saved back to the settings table, so when you call phpinfo()
, you see the original input, not the parsed value.
You can see this in the source:
- The setting is defined with a callback for when it is changed
- The callback is fed the raw string value
- The callback for that particular setting parses the string to an integer using a function called
zend_atol
, which handles the special suffixes - It then calls a function which sets a global variable (“AG” means “Allocation Manager Global Variable”, the macro is used to manage thread-safety if that’s compiled in)
The supported syntax is ultimately defined in zend_atol
, which:
- parses the string for a numeric value, ignoring any additional text
- looks at the last character of the string, and multiplies the preceding value if it is
g
,G
,m
,M
,k
, orK
A value with no digits at the start will be parsed as zero. When setting the global variable, this will set the memory limit to the minimum allowed, based on the constant ZEND_MM_CHUNK_SIZE
.
You can see the effect by setting the memory limit, then running a loop that quickly allocates a large amount of memory and seeing what comes out in the error message. For instance:
# Invalid string; sets to compiled minimum php -r 'ini_set("memory_limit", "HUGO"); while(true) $a[]=$a;' # -> PHP Fatal error: Allowed memory size of 2097152 bytes exhausted # Number followed by a string; takes the number php -r 'ini_set("memory_limit", "4000000 HUGO"); while(true) $a[]=$a;' # -> PHP Fatal error: Allowed memory size of 4000000 bytes exhausted # Number followed by a string, but ending in one of the recognised suffixes # This finds both the number and the suffix, so is equivalent to "4M", i.e. 4MiB php -r 'ini_set("memory_limit", "4 HUGO M"); while(true) $a[]=$a;' # -> PHP Fatal error: Allowed memory size of 4194304 bytes exhausted