Skip to content

Fix memory exhaustion when reading corrupted FPT memo files #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
panel-sk wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Fix memory exhaustion when reading corrupted FPT memo files #136

panel-sk wants to merge 9 commits into from
+26 −63

Conversation

@panel-sk
Copy link
Contributor

@panel-sk panel-sk commented Jan 28, 2026

Prevents the memo reader from attempting to allocate excessive memory when encountering corrupted FPT files.

Added a safety check to limit the maximum memo length to 100MB per column, preventing fatal memory errors (e.g., attempts to allocate ~1.9GB) during file processing.

@panel-sk
Fix memory exhaustion when reading corrupted FPT memo files
df1f46c 
Prevents the memo reader from attempting to allocate excessive memory when encountering corrupted FPT files. 

Added a safety check to limit the maximum memo length to 100MB per column, preventing fatal memory errors (e.g., attempts to allocate ~1.9GB) during file processing.
@panel-sk
Update ci.yaml
14023f1 
Fix CI failing due to an outdated upload-artifact
@panel-sk
Fix CI was failing due to an outdated upload-artifact
6d10228
@panel-sk
ci: fix Code Climate reporter download and update artifacts to v4
d8d7b4b 
- Update Code Climate test-reporter download logic to use amancevice/setup-codeclimate action, fixing the 404 error caused by outdated download URLs.
- Upgrade actions/upload-artifact and actions/download-artifact from v2 to v4.
- Implement unique naming for coverage artifacts (clover and cc) to comply with v4 requirements, where artifact names must be unique per job matrix.
- Adjust artifact download paths and glob patterns in upload jobs to match the new v4 directory structure.
- Upgrade actions/checkout to v4 for better performance and security.
@panel-sk
ci: fix Code Climate binary download source
3e30fa4 
- Replaced the failing amancevice/setup-codeclimate action with a direct download from the official Code Climate GitHub releases.
- Fixed the 404 error by using the stable release URL for the test-reporter binary.
- Updated execution commands to use the local path (./cc-test-reporter).
@panel-sk
Bad URL for test reporter
5a6f31c
@panel-sk
Bad URL for codeclimate tester
a50dc04
@panel-sk
Change tests to Codecov
f2504e6 
Code Climate has ended support for the test-reporter binary
@panel-sk
Fix codecov test
0aa5a7f
@codecov-commenter
Copy link

codecov-commenter commented Feb 4, 2026

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

@panel-sk
Copy link
Contributor Author

panel-sk commented Feb 4, 2026
edited
Loading

Sorry for spaming with unchecked commits. I'm little still learning how to work with Github. Test are fixed.

  • Fix memory exhaustion when reading corrupted FPT memo files
  • Replaced deprecated Code Climate test-reporter with Codecov for coverage reporting to fix persistent 404/download issues.
  • Updated actions/checkout, actions/upload-artifact, and actions/download-artifact to v4.
  • Ensured unique artifact naming to comply with upload-artifact@v4 requirements.
  • Configured workflow to run on all branches for easier testing in forks.
  • Set fail_ci_if_error to false for Codecov to allow tests to pass even without a token in fork environments.

@panel-sk
Copy link
Contributor Author

panel-sk commented Feb 4, 2026

@gam6itko Hello.

I encountered a critical issue where corrupted memo files (.fpt) caused the StreamWrapper to attempt reading excessive amounts of data, leading to a fatal memory exhaustion error.

Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 1932407120 bytes) in /var/www/html/vendor/hisamu/php-xbase/src/Stream/StreamWrapper.php on line 91
[2026-01-28 00:47:45] [ERROR] Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 1932407120 bytes) in /var/www/html/vendor/hisamu/php-xbase/src/Stream/StreamWrapper.php:91

When a memo field header is corrupted, the length value can be read as an extremely large integer. The current implementation attempts to allocate memory based on this value without validation.

I've implemented a safety guard that throws an Exception if a single memo field exceeds a 100MB threshold.

While FoxPro theoretically allows large files, a single memo entry exceeding 100MB is highly atypical for standard DBF use cases and almost certainly indicates file corruption. This limit prevents the PHP process from crashing the entire environment.

// Safety check: prevent reading corrupted/huge memo fields (max 100MB)
if ($memoLength[1] > 104857600) {
    throw new \Exception("Corrupted FPT file: memo field size {$memoLength[1]} bytes exceeds 100MB limit");
}

If 100MB is considered too restrictive for this library, I am open to making this value configurable or adjusting it based on your feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@panel-sk @codecov-commenter