New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

It does not move on PHP7.1.5 #134

Closed
git-kurara opened this Issue May 12, 2017 · 16 comments

Comments

Projects
None yet
6 participants
@git-kurara

git-kurara commented May 12, 2017

Hi.
Thank you for a wonderful library.

But it does not move in my environment, I made Issue.

It runs on PHP 7.1.5, but processing will not proceed at the following places.

library\HTMLPurifier\HTMLModule\List.php:32

$ol = $this->addElement('ol', 'List', new HTMLPurifier_ChildDef_List(), 'Common');

Commenting out this part will work.

Endless run and CPU process is 100%.

Please Help me.

Thank you.

@git-kurara

This comment has been minimized.

Show comment
Hide comment
@git-kurara

git-kurara May 13, 2017

Add comment .

The problem does not seem to be related to the input that is passed to the purifier. For all input, when I try to purify the text, there are no errors thrown but the process hangs, and the CPU usage for that process becomes 100%.

Add comment .

The problem does not seem to be related to the input that is passed to the purifier. For all input, when I try to purify the text, there are no errors thrown but the process hangs, and the CPU usage for that process becomes 100%.

@ezyang

This comment has been minimized.

Show comment
Hide comment
@ezyang

ezyang May 13, 2017

Owner

I ran the test suite with 7.1.5-1+deb.sury.org~xenial+1, but I didn't see any hang. Is this on Windows? Can you test with other versions of PHP and see if there are similar problems?

Owner

ezyang commented May 13, 2017

I ran the test suite with 7.1.5-1+deb.sury.org~xenial+1, but I didn't see any hang. Is this on Windows? Can you test with other versions of PHP and see if there are similar problems?

@thedotedge

This comment has been minimized.

Show comment
Hide comment
@thedotedge

thedotedge May 14, 2017

Reproducible on 7.1.4 and 7.1.5 (CentOS 6 x86_64). Here's the trace from php-fpm:

[0x00007f6d1f013e40] Composer\Autoload\includeFile() /srv/site/vendor/composer/ClassLoader.php:322
[0x00007f6d1f013db0] loadClass() unknown:0
[0x00007f6d1f013d50] spl_autoload_call() unknown:0
[0x00007ffd27450680] ???() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/List.php:32
[0x00007f6d1f013be0] setup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModuleManager.php:288
[0x00007f6d1f013a80] setup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php:220
[0x00007f6d1f0139c0] processModules() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php:195
[0x00007f6d1f013910] doSetup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Definition.php:51
[0x00007f6d1f0138a0] setup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php:515
[0x00007f6d1f013780] getDefinition() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php:415
[0x00007f6d1f013700] getHTMLDefinition() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Generator.php:74
[0x00007f6d1f013670] __construct() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier.php:158
[0x00007f6d1f0134f0] purify() /srv/site/src/site/DAO/ProfileCompositeDAO.php:1306
[0x00007f6d1f013380] saveCv() /srv/site/src/site/Web/Controller/MyController.php:368
[0x00007f6d1f0132d0] cvAction() /srv/site/src/site/Web/Controller/BaseController.php:200
[0x00007f6d1f013240] process() /srv/site/src/site/Web/Dispatcher.php:188
[0x00007f6d1f013120] dispatch() /srv/site/www.site.com/bootstrap.php:61

thedotedge commented May 14, 2017

Reproducible on 7.1.4 and 7.1.5 (CentOS 6 x86_64). Here's the trace from php-fpm:

[0x00007f6d1f013e40] Composer\Autoload\includeFile() /srv/site/vendor/composer/ClassLoader.php:322
[0x00007f6d1f013db0] loadClass() unknown:0
[0x00007f6d1f013d50] spl_autoload_call() unknown:0
[0x00007ffd27450680] ???() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModule/List.php:32
[0x00007f6d1f013be0] setup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLModuleManager.php:288
[0x00007f6d1f013a80] setup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php:220
[0x00007f6d1f0139c0] processModules() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/HTMLDefinition.php:195
[0x00007f6d1f013910] doSetup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Definition.php:51
[0x00007f6d1f0138a0] setup() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php:515
[0x00007f6d1f013780] getDefinition() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Config.php:415
[0x00007f6d1f013700] getHTMLDefinition() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier/Generator.php:74
[0x00007f6d1f013670] __construct() /srv/site/vendor/ezyang/htmlpurifier/library/HTMLPurifier.php:158
[0x00007f6d1f0134f0] purify() /srv/site/src/site/DAO/ProfileCompositeDAO.php:1306
[0x00007f6d1f013380] saveCv() /srv/site/src/site/Web/Controller/MyController.php:368
[0x00007f6d1f0132d0] cvAction() /srv/site/src/site/Web/Controller/BaseController.php:200
[0x00007f6d1f013240] process() /srv/site/src/site/Web/Dispatcher.php:188
[0x00007f6d1f013120] dispatch() /srv/site/www.site.com/bootstrap.php:61
@git-kurara

This comment has been minimized.

Show comment
Hide comment
@git-kurara

git-kurara May 16, 2017

I environments.

OS : CentOS6.8
PHP : 7.1.5 (Install by yum)

@thedotedge
Thanks, you are output !!

I environments.

OS : CentOS6.8
PHP : 7.1.5 (Install by yum)

@thedotedge
Thanks, you are output !!

@ezyang

This comment has been minimized.

Show comment
Hide comment
@ezyang

ezyang May 16, 2017

Owner

Thanks @thedotedge. Do you have a small script that causes this? Judging from the trace, it kind of looks like PHP 7 has finally made a backwards breaking change to the serialize() format. If that's the case, running php maintenance/flush.php should fix it.

Owner

ezyang commented May 16, 2017

Thanks @thedotedge. Do you have a small script that causes this? Judging from the trace, it kind of looks like PHP 7 has finally made a backwards breaking change to the serialize() format. If that's the case, running php maintenance/flush.php should fix it.

@thedotedge

This comment has been minimized.

Show comment
Hide comment
@thedotedge

thedotedge May 16, 2017

It was something like:

$config = HTMLPurifier_Config::createDefault();
            $config->set('Cache.SerializerPath', '/var/cache/htmlpurifier');
            $config->set('HTML.SafeIframe', true);
            $config->set('HTML.Nofollow', true);
            $config->set('AutoFormat.RemoveSpansWithoutAttributes', true);
            $config->set('Attr.AllowedFrameTargets', ['_blank']); // allow target=_blank
            $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
            $config->set('HTML.ForbiddenAttributes', ['onload']); // svg onload="alert" XSS
            $htmlPurifier = new HTMLPurifier($config);
           $htmlPurifier->purify($string);

I have tried flushing the cache, but then it spiked and 100% exactly at HTMLPurifier/HTMLModule/List.php:32

It was something like:

$config = HTMLPurifier_Config::createDefault();
            $config->set('Cache.SerializerPath', '/var/cache/htmlpurifier');
            $config->set('HTML.SafeIframe', true);
            $config->set('HTML.Nofollow', true);
            $config->set('AutoFormat.RemoveSpansWithoutAttributes', true);
            $config->set('Attr.AllowedFrameTargets', ['_blank']); // allow target=_blank
            $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
            $config->set('HTML.ForbiddenAttributes', ['onload']); // svg onload="alert" XSS
            $htmlPurifier = new HTMLPurifier($config);
           $htmlPurifier->purify($string);

I have tried flushing the cache, but then it spiked and 100% exactly at HTMLPurifier/HTMLModule/List.php:32

@ezyang

This comment has been minimized.

Show comment
Hide comment
@ezyang

ezyang May 17, 2017

Owner

I tried again with php-fpm on Ubuntu but still could not reproduce, so it sounds like this is a CentOS specific problem. Unfortunately, I don't have easy access to any CentOS server; does anyone have one they can lob me ssh access to?

Owner

ezyang commented May 17, 2017

I tried again with php-fpm on Ubuntu but still could not reproduce, so it sounds like this is a CentOS specific problem. Unfortunately, I don't have easy access to any CentOS server; does anyone have one they can lob me ssh access to?

@fr00x

This comment has been minimized.

Show comment
Hide comment
@fr00x

fr00x May 18, 2017

We got hit hard in production today by this as our host updated their PHP Version to 7.1.5.

I can reproduce this loop on a CloudLinux and PHP 7.1.5. Doing the flush Operation has no effect.

However, on Ubuntu with 7.1.5-1+deb.sury.org~trusty+1 no issues.

I am trying to find a system for you to test.

fr00x commented May 18, 2017

We got hit hard in production today by this as our host updated their PHP Version to 7.1.5.

I can reproduce this loop on a CloudLinux and PHP 7.1.5. Doing the flush Operation has no effect.

However, on Ubuntu with 7.1.5-1+deb.sury.org~trusty+1 no issues.

I am trying to find a system for you to test.

@fr00x

This comment has been minimized.

Show comment
Hide comment
@fr00x

fr00x May 22, 2017

@git-kurara @thedotedge Is anyone of you guys able to provide a temporary debug/test system for @ezyang?

I can only offer a CentOS 7.3 which in combination with PHP 7.1.5 is not showing any loops right now. The loop only is visible on our production system running CentOS 6.9.

fr00x commented May 22, 2017

@git-kurara @thedotedge Is anyone of you guys able to provide a temporary debug/test system for @ezyang?

I can only offer a CentOS 7.3 which in combination with PHP 7.1.5 is not showing any loops right now. The loop only is visible on our production system running CentOS 6.9.

@MPSinclair

This comment has been minimized.

Show comment
Hide comment
@MPSinclair

MPSinclair May 24, 2017

Could this be related to opcache?

On CentOS 6.9 with PHP-FPM 7.1.5 and opcache enabled, just including the standalone causes a timeout. I switched to using the lite library and was able to include fine, but trying to run the parser resulted again in timing out. As soon as I disabled opcache the parser executed quickly.

Could this be related to opcache?

On CentOS 6.9 with PHP-FPM 7.1.5 and opcache enabled, just including the standalone causes a timeout. I switched to using the lite library and was able to include fine, but trying to run the parser resulted again in timing out. As soon as I disabled opcache the parser executed quickly.

@ezyang

This comment has been minimized.

Show comment
Hide comment
@ezyang

ezyang May 24, 2017

Owner

@MPSinclair This wouldn't be the first time an opcache bug caused HTML Purifier to infinite loop, see #108. I'll take a look.

Owner

ezyang commented May 24, 2017

@MPSinclair This wouldn't be the first time an opcache bug caused HTML Purifier to infinite loop, see #108. I'll take a look.

@ezyang

This comment has been minimized.

Show comment
Hide comment
@ezyang

ezyang May 24, 2017

Owner

In fact, someone has already filed upstream: https://bugs.php.net/bug.php?id=74623

Owner

ezyang commented May 24, 2017

In fact, someone has already filed upstream: https://bugs.php.net/bug.php?id=74623

@git-kurara

This comment has been minimized.

Show comment
Hide comment
@git-kurara

git-kurara May 29, 2017

@ezyang

Oh, Thanks.

As a bug in PHP, you have to watch over what can be solved.

@ezyang

Oh, Thanks.

As a bug in PHP, you have to watch over what can be solved.

@Xiphin

This comment has been minimized.

Show comment
Hide comment
@Xiphin

Xiphin Jun 1, 2017

Contributor

It seems to be fixed by me:
Xiphin@cb4871f
Xiphin@b9bc103

Contributor

Xiphin commented Jun 1, 2017

It seems to be fixed by me:
Xiphin@cb4871f
Xiphin@b9bc103

@git-kurara

This comment has been minimized.

Show comment
Hide comment
@git-kurara

git-kurara Jun 2, 2017

@Xiphin

Great work !!!!!

It work in my environment.

I hope this Pull Request.

Fix: using null instead of false. Fixed CPU is 100% on PHP 7.1.* : #137

@Xiphin

Great work !!!!!

It work in my environment.

I hope this Pull Request.

Fix: using null instead of false. Fixed CPU is 100% on PHP 7.1.* : #137

@ezyang

This comment has been minimized.

Show comment
Hide comment
@ezyang

ezyang Jun 3, 2017

Owner

I merged. Probably not going to release in the near future.

Owner

ezyang commented Jun 3, 2017

I merged. Probably not going to release in the near future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment