php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #30466 preg_replace crashes on long strings
Submitted: 2004-10-18 00:42 UTC Modified: 2004-10-19 23:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: i dot oppenheim at xs4all dot nl Assigned:
Status: Not a bug Package: Reproducible crash
PHP Version: 4.3.9 OS: Linux 2.6.6-1um
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: i dot oppenheim at xs4all dot nl
New email:
PHP Version: OS:

 

 [2004-10-18 00:42 UTC] i dot oppenheim at xs4all dot nl 
Description:
------------
preg_replace crashes on long strings.

My Configure Line:
./configure --prefix=/opt/php --with-apxs \
--with-mysql=/usr --with-zlib=/usr --with-png-dir=/usr\
 --with-bz2 --with-t1lib --with-dom --with-ncurses\
 --with-readline --enable-calendar --with-gd\
 --with-freetype-dir --with-ttf --enable-gd-native-ttf\
 --with-jpeg-dir --with-xpm-dir --with-tiff-dir=/usr\
 --enable-exif --with-iconv --enable-sockets\
 --with-db2 --enable-dba --with-openssl --disable-cgi


Reproduce code:
---------------
#!/usr/bin/env php
<?php

changeMsg ("http://www.sicodel.com/ct.txt") ;

function changeMsg ($file) {

    $txt = file_get_contents ($file) ;
    $txt = preg_replace (
        "[Hosted by Shamash:(.|\n)*</pre>]",
        "</pre>",
        $txt
    ) ;

} # changeMsg
?>


Actual result:
--------------
Segmentation Fault!

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-10-18 07:55 UTC] derick@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2004-10-18 11:04 UTC] i dot oppenheim at xs4all dot nl 
I reconfigured PHP with --enable-debug.

Here is a fragment of the requested gdb backtrace (in total 8MB large!):

Core was generated by `php-dbg ./tst.php'.
Program terminated with signal 11, Segmentation fault.
#0  0x080d915d in match (
    eptr=0x82e5603 "m.  Free membership via\n&gt; <a  href=\"http://www.myjewish
learning.com/shamash", '-' <repeats 24 times>, "\">http://www.myjewishlearning.c
om/shamash", '-' <repeats 24 times>, "</a>\n&gt; hanashir (at) shamash(d"...,
    ecode=0x82ca027 "\v=", offset_top=4, md=0xbfffce1c, ims=0,
    eptrb=0xbf8001c4, flags=2) at /opt/php/src/php/ext/pcre/pcrelib/pcre.c:5484
5484    {
#0  0x080d915d in match (
    eptr=0x82e5603 "m.  Free membership via\n&gt; <a  href=\"http://www.myjewish
learning.com/shamash", '-' <repeats 24 times>, "\">http://www.myjewishlearning.c
om/shamash", '-' <repeats 24 times>, "</a>\n&gt; hanashir (at) shamash(d"...,
    ecode=0x82ca027 "\v=", offset_top=4, md=0xbfffce1c, ims=0,
    eptrb=0xbf8001c4, flags=2) at /opt/php/src/php/ext/pcre/pcrelib/pcre.c:5484

<snip>

#21813 0x080e0faf in php_pcre_replace (
    regex=0x82d63e4 "[Hosted by Shamash:(.|\n)*</pre>]", regex_len=32,
    subject=0x82de53c "<!-- MHonArc v2.6.8 -->\n<!--X-Subject: [HANASHIR:15052]
Re: cantorial certification(long) -->\n<!--X-From-R13: \"Oqevna Rheyrfgre\" <nqe
vnaNqheyrfgre.pbz> -->\n<!--X-Date: 11 Aug 2003 14:20:34 &#45;0000 -"...,
    subject_len=31633, replace_val=0x82d58c4, is_callable_replace=0,
    result_len=0xbfffd00c, limit=-1)
    at /opt/php/src/php/ext/pcre/php_pcre.c:867
#21814 0x080e1964 in php_replace_in_subject (regex=0x82d5d14,
    replace=0x82d58c4, subject=0x82cab68, result_len=0xbfffd00c, limit=-1,
    is_callable_replace=0 '\0') at /opt/php/src/php/ext/pcre/php_pcre.c:1078
#21815 0x080e2087 in preg_replace_impl (ht=3, return_value=0x82d643c,
    this_ptr=0x0, return_value_used=1, is_callable_replace=0 '\0')
    at /opt/php/src/php/ext/pcre/php_pcre.c:1170
#21816 0x080e20dc in zif_preg_replace (ht=3, return_value=0x82d643c,
    this_ptr=0x0, return_value_used=1)
    at /opt/php/src/php/ext/pcre/php_pcre.c:1181
#21817 0x081c6333 in execute (op_array=0x82d57e8)
    at /opt/php/src/php/Zend/zend_execute.c:1640
#21818 0x081c6531 in execute (op_array=0x82d0264)
    at /opt/php/src/php/Zend/zend_execute.c:1684
#21819 0x081b53e9 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /opt/php/src/php/Zend/zend.c:891
#21820 0x08181774 in php_execute_script (primary_file=0xbffff630)
    at /opt/php/src/php/main/main.c:1735
#21821 0x081d646b in main (argc=2, argv=0xbffff6b4)
    at /opt/php/src/php/sapi/cli/php_cli.c:822
#21817 0x081c6333 in execute (op_array=0x82d57e8)
    at /opt/php/src/php/Zend/zend_execute.c:1640
 [2004-10-18 11:06 UTC] derick@php.net 
Can you please put it online andprovide a link? It simple looks like a stack overflow though.
 [2004-10-18 13:23 UTC] i dot oppenheim at xs4all dot nl 
You can download the complete traceback from here:
http://dj.xs4all.nl/gdb.tar.gz

The bug seems to be that PHP does not notice that it runs out of stack memory.

PHP should abort the function with an appropriate error message, rather than crashing with a segmentation fault.
Furthermore, this condition should be documented in the
PHP manual.
 [2004-10-18 14:23 UTC] derick@php.net 
No, PHP should not detect it and crash (this is the only time this is permitted).
 [2004-10-19 23:00 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

 expected behaviour.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon May 06 12:01:31 2024 UTC