PHP Fatal error: fread() Argument #2 must be > 0 when reading attack-data.php

  • Resolved mahioo

    (@mahioo)


    7 months, 2 weeks ago

    Hello Wordfence team,

    We are experiencing a fatal PHP error caused by fread() being called with a negative length within the Wordfence WAF storage file. This appears to happen during the attack data synchronization/retrieval process. We’ve tried to debug it by editing the following function on the file wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php

           /**
    	 * @param resource $fileHandle
    	 * @param int $offset
    	 * @param int $length
    	 * @return bool
    	 */
    	public function _getAttackDataRowsNewerThan($fileHandle, $offset, $length) {
    		fseek($fileHandle, $offset);
    		self::lock($fileHandle, LOCK_SH);
    		$binaryTimestamp = fread($fileHandle, 8);
    		self::lock($fileHandle, LOCK_UN);
    		$timestamp = wfWAFAttackDataStorageFileEngine::unpackMicrotime($binaryTimestamp);

    		// --- ADDED IN-DEPTH DEBUG LOGGING BELOW ---
    		$fread_length = $length - 8;

    		// Get the file stream metadata to extract the file name
    		$stream_meta = stream_get_meta_data($fileHandle);
    		$filename = $stream_meta['uri'];

    		error_log(
    			"wfWAFStorageFile DEBUG: " .
    			"File: " . $filename . // <-- Added file name here
    			", Offset: " . $offset .
    			", Total Length: " . $length .
    			", Binary Timestamp Length: " . strlen($binaryTimestamp) .
    			", Calculated fread Length: " . $fread_length
    		);
    		// --- END OF ADDED DEBUG LOGGING STATEMENT ---

    		if ($timestamp > $this->attackDataNewerThan) {
    			$binary = $binaryTimestamp . fread($fileHandle, $fread_length);
    			$row = wfWAFAttackDataStorageFileEngineRow::unpack($binary);
    			$data = $this->unserializeRow($row->getData());
    			if (is_array($data)) {
    				array_unshift($data, $row->getTimestamp());
    				$this->attackDataRows[] = $data;
    			}
    			return true;
    		}
    		return false;
    	}

    The log:

    [28-Oct-2025 15:56:53 UTC] wfWAFStorageFile DEBUG: File: /code/web/wp-content/wflogs/attack-data.php, Offset: 56112, Total Length: 2025, Binary Timestamp Length: 8, Calculated fread Length: 2017
    [28-Oct-2025 15:56:53 UTC] wfWAFStorageFile DEBUG: File: /code/web/wp-content/wflogs/attack-data.php, Offset: 54127, Total Length: 1985, Binary Timestamp Length: 8, Calculated fread Length: 1977
    [28-Oct-2025 15:56:53 UTC] wfWAFStorageFile DEBUG: File: /code/web/wp-content/wflogs/attack-data.php, Offset: 52124, Total Length: 2003, Binary Timestamp Length: 8, Calculated fread Length: 1995
    [28-Oct-2025 15:56:53 UTC] wfWAFStorageFile DEBUG: File: /code/web/wp-content/wflogs/attack-data.php, Offset: 0, Total Length: 51200, Binary Timestamp Length: 8, Calculated fread Length: 51192
    [28-Oct-2025 15:56:53 UTC] wfWAFStorageFile DEBUG: File: /code/web/wp-content/wflogs/attack-data.php, Offset: 0, Total Length: 0, Binary Timestamp Length: 8, Calculated fread Length: -8
    [28-Oct-2025 15:56:53 UTC] PHP Fatal error:  Uncaught ValueError: fread(): Argument #2 ($length) must be greater than 0 in /code/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:281
    Stack trace:
    #0 /code/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(281): fread(Resource id #5, -8)
    #1 /code/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(1250): wfWAFStorageFile->_getAttackDataRowsNewerThan(Resource id #5, 0, 0)
    #2 /code/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(246): wfWAFAttackDataStorageFileEngine->scanRowsReverse(Array)
    #3 /code/web/wp-content/plugins/wordfence/lib/wordfenceClass.php(9033): wfWAFStorageFile->getNewestAttackDataArray('0.000000')
    #4 /code/web/wp-includes/class-wp-hook.php(322): wordfence::syncAttackData()
    #5 /code/web/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(NULL, Array)
    #6 /code/web/wp-includes/plugin.php(517): WP_Hook->do_action(Array)
    #7 /code/web/wp-settings.php(727): do_action('init')
    #8 /code/web/wp-config.php(395): require_once('/code/web/wp-se...')
    #9 /code/web/wp-load.php(50): require_once('/code/web/wp-co...')
    #10 /code/web/wp-blog-header.php(13): require_once('/code/web/wp-lo...')
    #11 /code/web/index.php(17): require('/code/web/wp-bl...')
    #12 {main}
      thrown in /code/web/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 281

    Thanks for looking into that.

Viewing 1 replies (of 1 total)
  • Plugin Support wfscott

    (@wfscott)

    7 months, 2 weeks ago

    Hello, @mahioo

    Thanks for sending over the information. The error you’re seeing could be due to a file-locking issue. The recommendation is to switch to our MySQLi storage engine, which stores the firewall data in the database rather than in files in the wflogs folder.

    Our documentation on putting that in place is here: https://www.wordfence.com/help/firewall/mysqli-storage-engine/#switching-to-the-mysqli-storage-engine

    For that, you will need to add the following line to your “wordfence-waf.php” file (if your firewall is optimized):

    define('WFWAF_STORAGE_ENGINE', 'mysqli');

    If you have not optimized the firewall, you could add the line to the WordPress “wp-config.php” file as described on our constants help page instead.

    You can check whether the firewall is optimized by going to Wordfence > Firewall > All Firewall Options > Protection Level. If you see an Optimize Wordfence Firewall button, then the firewall is not currently optimized. I recommend backing up any files before modifying them.

    Let us know if that helps or if you have any questions.

    Thanks,
    Scott

Viewing 1 replies (of 1 total)

The topic ‘PHP Fatal error: fread() Argument #2 must be > 0 when reading attack-data.php’ is closed to new replies.