You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<?phpinclude'vendor/autoload.php';
ini_set('memory_limit', '16M'); // might also happen with default 128M, lowering it here just to ensure test fail$mimeValidator = newZend\Validator\File\MimeType(['text/plain']);
file_put_contents('/tmp/foobar', 'test');
var_dump($mimeValidator->isValid('/tmp/foobar'));
unlink('/tmp/foobar');
The problem is finfo_open'ing magic file can be quite noisy (producing a whole lot of warnings) when it isn't super satisfied with a given magic file - albeit still working.
This and the fact the mime validator utilizes Zend\Stdlib\ErrorHandler to suppress notices/warnings - which, under the hood, keeps track of all the exceptions occurred (until the stop is invoked) - could lead to a memory exhausted fatal in memory-limited environment.
Tested on Ubuntu 16.04/17.04 php-7.1.1
I think one of the possible "fixes" (reliability improvement) might be to set an actual explicit ignore error handler (and not use the generic ErrorHandler::start ignoring it's results afterwards)
So, instead of doing:
the errorHandler could be explicitly requested to ignore the errors of given levels: ErrorHandler::ignore(E_NOTICE | E_WARNING);
This would however require changing of Stdlib/ErroHandler as it doesn't provide the ignore functionality atm.
Not only this would prevent the aforementioned use-case failure, it would both have improvements on performance (saving some memory and cpu cycles) and express the intention more clearly in the code.
Test case:
The problem is
finfo_open
'ing magic file can be quite noisy (producing a whole lot of warnings) when it isn't super satisfied with a given magic file - albeit still working.This and the fact the mime validator utilizes
Zend\Stdlib\ErrorHandler
to suppress notices/warnings - which, under the hood, keeps track of all the exceptions occurred (until thestop
is invoked) - could lead to a memory exhausted fatal in memory-limited environment.Tested on Ubuntu 16.04/17.04 php-7.1.1
I think one of the possible "fixes" (reliability improvement) might be to set an actual explicit ignore error handler (and not use the generic
ErrorHandler::start
ignoring it's results afterwards)So, instead of doing:
the errorHandler could be explicitly requested to ignore the errors of given levels:
ErrorHandler::ignore(E_NOTICE | E_WARNING);
This would however require changing of
Stdlib/ErroHandler
as it doesn't provide the ignore functionality atm.Not only this would prevent the aforementioned use-case failure, it would both have improvements on performance (saving some memory and cpu cycles) and express the intention more clearly in the code.
Originally posted by @sserbin at zendframework/zend-validator#207
The text was updated successfully, but these errors were encountered: