Fatal error: pll__() exhausts memory with 4295229440 bytes allocation

  • trustmeimanengineer

    (@trustmeimanengineer)


    2 months, 2 weeks ago

    Hi,

    We’ve hit a critical bug where pll__() causes a PHP fatal error that takes the

    entire site down. The allocation size (4295229440 bytes = exactly 2^32)
    strongly
    suggests an integer overflow inside pll__() or its internal string processing.

    Environment:

    • WordPress: 6.9.1
    • Polylang: 3.7.7 (also tested 3.7.8 — issue not fixed)
    • WooCommerce: 10.5.2
    • Flexible Checkout Fields: 4.1.35
    • PHP: 8.3 Error:
      PHP Fatal error: Allowed memory size of 268435456 bytes exhausted
      (tried to allocate 4295229440 bytes) in
      wp-content/plugins/flexible-checkout-fields/inc/wpdesk-woo27-functions.php on
      line 79 The call stack leads to:
      wpdesk__( $text, $domain ) → pll__( $text ) → fatal error Key observations:
    1. The allocation size 4295229440 = 0x100000000 = 2^32 is characteristic of a
      signed/unsigned integer overflow (e.g., -1 interpreted as unsigned 32-bit)
    2. The error fires on EVERY page request once triggered — the site becomes
      completely inaccessible
    3. The bug did NOT occur immediately after plugin installation. It appeared
      6 days later, triggered by wp-cron rebuilding Polylang’s translation cache
    4. Polylang 3.7.8 changelog does not address this issue Likely cause:
      pll__() appears to pass a specific string to an internal function that
      performs
      a size calculation resulting in integer overflow, then attempts to allocate
      the
      resulting ~4GB of memory. Workaround:
      Disabling Flexible Checkout Fields immediately resolves the issue, suggesting
      the problematic string originates from that plugin’s translation strings. Request:
      Could you investigate what happens inside pll__() when it receives a string
      that
      triggers this overflow? Adding input validation or a memory_get_usage() guard
      before large allocations might prevent site-wide crashes even if the root
      cause
      is in a third-party plugin’s string. This is version 3.7.7 regression — the combination with WooCommerce plugins
      worked fine with earlier Polylang versions on the same site. Thank you.

You must be logged in to reply to this topic.