|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2017-02-13 02:09 UTC] stas@php.net
-Status: Open
+Status: Feedback
[2017-02-13 02:09 UTC] stas@php.net
[2017-02-13 08:04 UTC] idaifish at gmail dot com
-Status: Feedback
+Status: Open
[2017-02-13 08:04 UTC] idaifish at gmail dot com
[2017-02-13 23:55 UTC] cmb@php.net
[2017-02-14 11:06 UTC] idaifish at gmail dot com
[2017-07-05 04:13 UTC] stas@php.net
[2017-07-05 04:13 UTC] stas@php.net
-Status: Open
+Status: Closed
[2017-07-05 04:23 UTC] stas@php.net
[2017-07-06 08:50 UTC] krakjoe@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sun Oct 26 09:00:01 2025 UTC |
Description: ------------ Segmentation fault. Tested on Ubuntu16.04LTS. $ uname -a Linux ubuntu 4.4.0-62-generic #83-Ubuntu SMP Wed Jan 18 14:10:15 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux $php -v PHP 7.1.1 (cli) (built: Feb 12 2017 15:35:23) ( NTS ) Copyright (c) 1997-2017 The PHP Group Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies Test script: --------------- <?php $pattern = "/(((?(?!))0(?1))(?''))/"; preg_match($pattern, "helloworld"); ?> Actual result: -------------- ASAN Result: ==106214==ERROR: AddressSanitizer: SEGV on unknown address 0x60b000017fe0 (pc 0x000000750be8 bp 0x7ffe5a0aeb60 sp 0x7ffe5a0adf00 T0) ==106214==The signal is caused by a READ memory access. #0 0x750be7 in compile_bracket_matchingpath (/tmp/php+0x750be7) #1 0x70cf95 in compile_matchingpath (/tmp/php+0x70cf95) #2 0x750fe3 in compile_bracket_matchingpath (/tmp/php+0x750fe3) #3 0x70cf95 in compile_matchingpath (/tmp/php+0x70cf95) #4 0x711ebd in compile_recurse (/tmp/php+0x711ebd) #5 0x6fbe01 in _pcre_jit_compile (/tmp/php+0x6fbe01) #6 0x6e99ed in php_pcre_study (/tmp/php+0x6e99ed) #7 0x77b1ce in pcre_get_compiled_regex_cache (/tmp/php+0x77b1ce) #8 0x79aa23 in php_do_pcre_match (/tmp/php+0x79aa23) #9 0x78a61e in zif_preg_match (/tmp/php+0x78a61e) #10 0x1a52c81 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (/tmp/php+0x1a52c81) #11 0x17c8be3 in execute_ex (/tmp/php+0x17c8be3) #12 0x17cae8a in zend_execute (/tmp/php+0x17cae8a) #13 0x15c0a84 in zend_execute_scripts (/tmp/php+0x15c0a84) #14 0x1351285 in php_execute_script (/tmp/php+0x1351285) #15 0x1c94879 in do_cli (/tmp/php+0x1c94879) #16 0x1c91ca0 in main (/tmp/php+0x1c91ca0) #17 0x7f98bd6d082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #18 0x43a768 in _start (/tmp/php+0x43a768) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/tmp/php+0x750be7) in compile_bracket_matchingpath GDB backtrace: #0 0x0000000000661138 in compile_bracket_matchingpath (common=0x7fffffffa5e8, cc=0x1f04d4f "x", parent=0x7fffffffa870) at /home/idaifish/Workspace/PHP/PHPs/php-7.1.1/ext/pcre/pcrelib/pcre_jit_compile.c:7336 #1 0x000000000062aa23 in compile_matchingpath (common=0x7fffffffa5e8, cc=<optimized out>, ccend=0x1f04d57 "x", parent=0x7fffffffa870) at /home/idaifish/Workspace/PHP/PHPs/php-7.1.1/ext/pcre/pcrelib/pcre_jit_compile.c:8497 #2 0x0000000000609e7c in compile_recurse (common=<optimized out>) at /home/idaifish/Workspace/PHP/PHPs/php-7.1.1/ext/pcre/pcrelib/pcre_jit_compile.c:9719 #3 _pcre_jit_compile (re=0x1f04d00, extra=0x1f04d70, mode=0) at /home/idaifish/Workspace/PHP/PHPs/php-7.1.1/ext/pcre/pcrelib/pcre_jit_compile.c:10223 #4 0x00000000005e97d5 in php_pcre_study (external_re=0x1f04d00, options=1, errorptr=<optimized out>) at /home/idaifish/Workspace/PHP/PHPs/php-7.1.1/ext/pcre/pcrelib/pcre_study.c:1628 #5 0x00000000006ac7e9 in pcre_get_compiled_regex_cache (regex=0x7ffff3c71120) at ext/pcre/php_pcre.c:518 #6 0x00000000006bf5dc in php_pcre_replace (regex=0x1f1b541, subject=<optimized out>, subject_len=<optimized out>, replace_val=<optimized out>, is_callable_replace=<optimized out>, limit=<optimized out>, replace_count=<optimized out>, subject_str=<optimized out>) at ext/pcre/php_pcre.c:1132 #7 php_replace_in_subject (regex=0x7ffff3c13230, replace=0x7ffff3c13240, subject=<optimized out>, limit=-1, is_callable_replace=0, replace_count=0x7fffffffabf4) at ext/pcre/php_pcre.c:1495 #8 0x00000000006be0ff in preg_replace_impl (return_value=0x7fffffffac78, regex=0x7ffff3c13230, replace=0x7ffff3c13240, subject=0x7ffff3c13250, limit_val=-1, is_callable_replace=0, is_filter=<optimized out>) at ext/pcre/php_pcre.c:1554 #9 0x00000000006bb5ef in zif_preg_filter (execute_data=0x7ffff3c131e0, return_value=0x7fffffffac78) at ext/pcre/php_pcre.c:1721 #10 0x00000000015ba4b5 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (execute_data=0x7ffff3c13030) at Zend/zend_vm_execute.h:628 #11 0x00000000014a7510 in execute_ex (ex=<optimized out>) at Zend/zend_vm_execute.h:432 #12 0x00000000014a812b in zend_execute (op_array=0x7ffff3c7d000, return_value=<optimized out>) at Zend/zend_vm_execute.h:474 #13 0x0000000001371f21 in zend_execute_scripts (type=<optimized out>, retval=0x0, file_count=3) at Zend/zend.c:1474 #14 0x00000000011a84dc in php_execute_script (primary_file=0x7fffffffe218) at main/main.c:2537 #15 0x00000000016a555d in do_cli (argc=<optimized out>, argv=<optimized out>) at sapi/cli/php_cli.c:993 #16 0x00000000016a1dd9 in main (argc=<optimized out>, argv=<optimized out>) at sapi/cli/php_cli.c:1381