Maximum Execution Depth

Code similiar to the following piece will crash PHP, because within the PHP executor, there is no protection against unlimited recursion. This problem is known to the PHP developers for a long time, but they do not consider it important enough to do anything against it.

<?php
   function rec()
   {
      rec();
   }
   rec();
?>

The moment the process runs out of stack PHP will crash. With Suhosin installed it is possible to protect against this kind of attack with the suhosin.executor.max_depth configuration directive.

Back to the feature list


© Hardened PHP Project