News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Nikita Popov's Blog:
Supercolliding a PHP array
December 29, 2011 @ 12:15:30

In a new post to his blog Nikita Popov talks about a little trick with inserting values into arrays that can make it take a lot longer than it should (because of how PHP stores its array values in hashtables).

PHP internally uses hashtables to store arrays. The above creates a hashtable with 100% collisions (i.e. all keys will have the same hash). [...] Because every hash function has collisions this C array doesn't actually store the value we want, but a linked list of possible values. [...] Normally there will be only a small number of collisions, so in most cases the linked list will only have one value. But the [included script] creates a hash where all elements collide.

He explains why it works, noting that it's relatively simple to do in PHP because of how it applies a table mask. The slowness comes in when PHP is forced to go through the entire list when it tries to insert. Because of this issue, there's the potential for a Denial of Service attack that could potentially take a server down. There's a fix already in place for the problem, though, so keep an eye out for the next release (that will include a max_input_vars setting to prevent it).

0 comments voice your opinion now!
collision array hashtable mask denialofservice overload


blog comments powered by Disqus

Similar Posts

Christopher Jones' Blog: Casting PL/SQL arrays as REF CURSORS for Ruby (and PHP)

DeveloperTutorials.com: Inserting An Array Into A Database

PHPMac.com: IP Banning

Christopher Jones' Blog: Casting PL/SQL arrays as REF CURSORS for Ruby (and PHP)

Nikic's Blog: How big are PHP arrays (and values) really? (Hint: BIG!)


Community Events





Don't see your event here?
Let us know!


podcast interview introduction release language configure opinion list laravel refactor testing threedevsandamaybe community unittest series framework developer code experience install

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework