| Bug #25754 | preg_replace() and preg_replace_callback() crash with long matches | | | | |
|---|---|---|---|---|---|
| Submitted: | 4 Oct 2003 7:56pm UTC | Modified: | 22 Feb 2004 3:19pm UTC | | |
| From: | ilya at lebedev dot net | Assigned to: | | | |
| Status: | Closed | Category: | Documentation problem | | |
| Version: | 4CVS-2003-10-04 (stable) | OS: | Win32 | | |
| Votes: | 2 | Avg. Score: | 5.0 ± 0.0 | Reproduced: | 2 of 2 (100.0%) |
| Same Version: | 0 (0.0%) | Same OS: | 0 (0.0%) | | |

[4 Oct 2003 10:04pm UTC] sniper@php.net
From http://www.pcre.org/pcre.txt, LIMITATIONS: "The maximum length of a subject string is the largest positive number that an integer variable can hold. However, PCRE uses recursion to handle subpatterns and indefinite repetition. This means that the available stack space may limit the size of a subject string that can be processed by certain patterns." This probably should be mentioned in our manual pages too. (On Linux, the example script worked fine with 9344 chars between the tags, but 9345 crashed)
[28 Oct 2003 6:16pm UTC] coldrain at workingonit dot org
It seems the bug I reported (http://bugs.php.net/bug.php?id=26020) is a duplicate of this one. In this (now bogus) bug report there is more info on a similar, yet different case. It should be noted that the maximum amount of data between pairs of tags in this PCRE case is not a constant, as it differs between platforms, even with the same installed PHP versions. On a Debian box, I was able to process about 11650 bytes between two matching div tags.
[22 Feb 2004 3:19pm UTC] nlopess@php.net
This bug has been fixed in the documentation's XML sources. Since the online and downloadable versions of the documentation need some time to get updated, we would like to ask you to be a bit patient. Thank you for the report, and for helping us make our documentation better.

Description:
------------
Regular expression from J. Friedl's "Mastering Regular Expressions" book that matches paired HTML tags:

#<tag([^>]*)>(((?!</?tag(?:[^>]*)>).)*)</tag>#si

When there are more than 2100 bytes (symbols) between <tag> and </tag>, Apache crashes. The same happens without the "s" modifier if the string has no "newline" codes.

Reproduce code:
---------------
===
preg_replace("#<tag([^>]*)>(((?!</?tag(?:[^>]*)>).)*)</tag>#si","","<tag > 2200 symbols</tag>");
===

or

===
function callback (&$m) { return "";};
preg_replace_callback ("#<tag([^>]*)>(((?!</?tag(?:[^>]*)>).)*)</tag>#si","callback","<tag> 2200 symbols </tag>");
===

Expected result:
----------------
Match blocks bigger than 2100 symbols long.

Actual result:
--------------
With more than 2100 symbols between tags Apache crashes.
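
An added example, not part of the bug report or of PHP's own code: one way to keep the reported pattern from exhausting the stack is to cap PCRE's limits, check `preg_last_error()`, and unroll the per-character group so that it repeats once per `<` instead of once per character. It assumes PHP 7.1 or later (the `pcre.recursion_limit` and `pcre.backtrack_limit` settings exist from PHP 5.2.0, so not in the PHP 4 build reported here); the limit values, the function name `strip_tag_blocks` and the sample subject are constructed for illustration.

```php
<?php
// Added example, not from the bug report. Limit values are illustrative.

// Cap PCRE so an oversized match ends with an error code rather than
// consuming all available process stack.
ini_set('pcre.recursion_limit', '10000');
ini_set('pcre.backtrack_limit', '1000000');

// Pattern from the report: the group ((?!...).)* repeats once per character,
// and PCRE handles repeated subpatterns with recursion.
$reported = '#<tag([^>]*)>(((?!</?tag(?:[^>]*)>).)*)</tag>#si';

// Unrolled form matching the same blocks: runs of non-"<" characters are
// consumed by a plain character class, and the lookahead is only tested
// at each "<". Possessive quantifiers (*+) prevent backtracking into them.
$unrolled = '#<tag([^>]*)>([^<]*+(?:<(?!/?tag[^>]*>)[^<]*+)*+)</tag>#si';

// Hypothetical helper: returns the stripped string, or null if PCRE failed.
function strip_tag_blocks(string $pattern, string $subject): ?string
{
    $result = preg_replace($pattern, '', $subject);
    if ($result === null || preg_last_error() !== PREG_NO_ERROR) {
        // Surface the failure instead of silently using a null result.
        error_log('preg_replace failed, PCRE error code ' . preg_last_error());
        return null;
    }
    return $result;
}

// Constructed subject: about 7000 bytes between the tags, with nested markup.
$subject = 'before<tag class="x">'
    . str_repeat('a <b>bold</b> ', 500)
    . '</tag>after';

foreach (['reported' => $reported, 'unrolled' => $unrolled] as $name => $pattern) {
    $out = strip_tag_blocks($pattern, $subject);
    echo $name, ': ', $out === null ? 'PCRE error, input rejected' : $out, "\n";
}
```

Whether the reported pattern succeeds or returns an error on a given input depends on the PCRE build and the configured limits, which is why the result is checked on every call.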