Bug #52337 preg_replace crashes (GeSHi related)
Submitted: 2010-07-14 16:29 UTC Modified: 2010-07-14 17:07 UTC
From: php-bugs at thequod dot de Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.3.3RC2 OS: Windows XP
Private report: No CVE-ID: None

 [2010-07-14 16:29 UTC] php-bugs at thequod dot de
Description:
------------
I've noticed GeSHi crashing and could extract the code that triggered it.

IIRC this happened some time ago already and I could not reproduce it on a Linux machine.

Also, it only happens via the Apache2 PHP handler (mod_php), not with PHP CLI.

Test script:
---------------
$m = preg_replace(
'/(?<!<\|\/)(?<!<\|!REG3XP)(?<!<\|\/NUM!)(?<!\d\/>)((?:(?<![0-9a-z_\.%])|(?<=\.\.))(?<![\d\.]e[+\-])([1-9]\d*?|0)(?![0-9a-z]|\.(?:[eE][+\-]?)?\d)|(?<![0-9a-z_\.])(?<![\d\.]e[+\-])0[0-7]+?(?![0-9a-z]|\.(?:[eE][+\-]?)?\d)|(?<![0-9a-z_\.])(?<![\d\.]e[+\-])0x[0-9a-fA-F]+?(?![0-9a-z]|\.(?:[eE][+\-]?)?\d)|(?<![0-9a-z_\.])(?<![\d\.]e[+\-])\d+?\.\d+?(?![0-9a-z]|\.(?:[eE][+\-]?)?\d)|(?<![0-9a-z_\.])(?<![\d\.]e[+\-])\.\d+?(?:e[+\-]?\d+?)?(?![0-9a-z]|\.(?:[eE][+\-]?)?\d)|(?<![0-9a-z_\.])(?<![\d\.]e[+\-])(?:\d+?(?:\.\d*?)?|\.\d+?)(?:e[+\-]?\d+?)?(?![0-9a-z]|\.(?:[eE][+\-]?)?\d))(?!(?:<DOT>|(?>[^\<]))+>)(?![^<]*>)(?!\|>)(?!\/>)/i',
'<|/NUM!0/>\1|>',
'(2, 3, 4, 5, 6, 12, 15, 16, 18, 20, 21, 22, 25, 29, 30, 32, 33, 34, 35, 37, 38, 41, 43, 47, 48, 49, 50, 51, 54, 55, 56, 58, 59, 62, 63, 84, 85, 92, 93, 111, 125, 153, 155, 163, 173, 175, 176, 177, 178, 179, 180, 184, 189, 192, 193, 194, 195, 202, 204, 205, 214, 220, 227, 241, 259, 262, 269, 277, 279, 281, 282, 285, 299, 300, 314, 315, 316, 317, 318, 327, 329, 337, 340, 341, 344, 345, 377, 381, 386, 387, 388, 389, 390, 393, 397, 398, 403, 404, 405, 406, 407, 410, 411, 412, 424, 425, 426, 429, 432, 436, 437, 438, 442, 446, 456, 457, 464, 465, 475, 477, 478, 480, 484, 485, 486, 487, 492, 499, 504, 537, 545, 552, 558, 560, 562, 563, 575, 577, 578, 588, 599, 602, 607, 616, 617, 618, 619, 624, 632, 633, 637, 638, 639, 641, 643, 646, 650, 651, 652, 657, 658, 662, 675, 677, 678, 688, 690, 730, 732, 736, 738, 741, 754, 764, 772, 781, 783, 787, 795, 801, 804, 807, 814, 815, 823, 824, 829, 831, 833, 850, 851, 855, 856, 857, 858, 860, 861, 863, 864, 879, 881, 884, 903, 904, 906, 924, 927, 928, 936, 939, 947, 951, 955, 968, 973, 983, 999, 1000, 1007, 1020, 1022, 1024, 1025, 1026, 1027, 1031, 1036, 1041, 1044, 1048, 1051, 1052, 1062, 1074, 1083, 1085, 1091, 1102, 1105, 1106, 1112, 1113, 1114, 1118, 1120, 1124, 1135, 1141, 1164, 1168, 1172, 1173, 1177, 1180, 1187, 1199, 1202, 1206, 1216, 1217, 1218, 1221, 1224, 1226, 1229, 1230, 1231, 1232, 1233, 1241, 1242, 1243, 1244, 1245, 1248, 1257, 1261, 1263, 1267, 1272, 1273, 1274, 1275, 1282, 1283, 1284, 1285, 1286, 1305, 1306, 1308, 1309, 1323, 1327, 1341, 1342, 1349, 1352, 1356, 1358, 1359, 1361, 1364, 1384, 1385, 1386, 1387, 1390, 1391, 1392, 1393, 1394, 1398, 1401, 1402, 1403, 1404, 1411, 1412, 1413, 1414, 1415, 1424, 1425, 1435, 1436, 1437, 1442, 1448, 1462, 1468, 1469, 1472, 1488, 1489, 1493, 1504, 1509, 1515, 1517, 1519, 1520, 1526, 1537, 1538, 1540, 1545, 1546, 1556, 1560, 1570, 1578, 1586, 1587, 1588, 1593, 1595, 1597, 1598, 1599, 1601, 1604, 1606, 1613, 1621, 1633, 1640, 1643, 1655, 1656, 1661, 1662, 1663, 1687, 1690, 1706, 
1712, 1715, 1720, 1731, 1742, 1748, 1752, 1753, 1762, 1765, 1768, 1780, 1786, 1797, 1800, 1801, 1803, 1808, 1811, 1819, 1820, 1821, 1826, 1829, 1838, 1839, 1841, 1847, 1851, 1852, 1853, 1856, 1857, 1859, 1864, 1865, 1870, 1871, 1873, 1875, 1877, 1878, 1882, 1892, 1893, 1899, 1901, 1902, 1906, 1908, 1926, 1928, 1947, 1964, 1972, 1977, 1986, 1989, 1990, 1998, 1999, 2015, 2016, 2017, 2025, 2026, 2027, 2028, 2045, 2056, 2062, 2066, 2067, 2070, 2071, 2072, 2081, 2092, 2093, 2102, 2110, 2124, 2125, 2127, 2128, 2129, 2132, 2133, 2149, 2157, 2160, 2170, 2175, 2177, 2181, 2211, 2212, 2216, 2228, 2240, 2241, 2242, 2243, 2258, 2268, 2272, 2293, 2299, 2310, 2317, 2335, 2344, 2348, 2349, 2350, 2354, 2377, 2380, 2400, 2402, 2404, 2410, 2411, 2412, 2413, 2420, 2424, 2429, 2430, 2439, 2442, 2444, 2445, 2447, 2452, 2464, 2467, 2470, 2471, 2472, 2490, 2498, 2513, 2515, 2534, 2571, 2591, 2592, 2600, 2613, 2624, 2627, 2634, 2643, 2649, 2657, 2669, 2674, 2677, 2687, 2690, 2691, 2692, 2694, 2715, 2746, 2760, 2790, 2805, 2808, 2812, 2827, 2831, 2835, 2839, 2851, 2854, 2859, 2887, 2906, 2911, 2936, 2941, 2957, 2964, 2980, 2989, 2990, 2991, 2995, 2998, 3007, 3009, 3010, 3018, 3024, 3030, 3031, 3036, 3039, 3050, 3051, 3052, 3057, 3058, 3062, 3075, 3076, 3077, 3096, 3099, 3101, 3107, 3108, 3110, 3120, 3121, 3135, 3136, 3140, 3150, 3151, 3152, 3153, 3154, 3155, 3156, 3157, 3158, 3159, 3163, 3165, 3170, 3172, 3174, 3175, 3176, 3177, 3178, 3179, 3180, 3181, 3182, 3186, 3187, 3188, 3189, 3190, 3201, 3202, 3210, 3222, 3223, 3240, 3246, 3263, 3266, 3270, 3282, 3287, 3291, 3293, 3297, 3303, 3309, 3311, 3313, 3314, 3315, 3318, 3326, 3338, 3339, 3354, 3358, 3359, 3362, 3363, 3367, 3368, 3369, 3380, 3391, 3395, 3397, 3404, 3409, 3417, 3422, 3431, 3432, 3433, 3439, 3450, 3454, 3455, 3471, 3477, 3478, 3494, 3502, 3511, 3512, 3518, 3529, 3534, 3537, 3538, 3548, 3549, 3552, 3555, 3556, 3557, 3558, 3561, 3562, 3563, 3568, 3569, 3571, 3575, 3581, 3585, 3588, 3594, 3634, 3637, 3642, 3668, 3680, 3683, 3684, 
3686, 3702, 3703, 3714, 3721, 3724, 3726, 3727, 3732, 3741, 3742, 3743, 3744, 3745, 3746, 3747, 3765, 3768, 3770, 3771, 3773, 3774, 3775, 3776, 3777, 3778, 3779, 3781, 3782, 3783, 3793, 3827, 3829, 3833, 3836, 3850, 3865, 3866, 3871, 3873, 3877, 3879, 3888, 3894, 3896, 3901, 3902, 3905, 3906, 3907, 3908, 3909, 3920, 3921, 3922, 3923, 3937, 3942, 3945, 3952, 3955, 3966, 3967, 3968, 3970, 3971, 3972, 3973, 3974, 3976, 3977, 3979, 3982, 3984, 3985, 3990, 3994, 3997, 4001, 4005, 4006, 4008, 4010, 4017, 4018, 4019, 4022, 4032, 4033, 4038, 4040, 4041, 4043, 4044, 4045, 4049, 4051, 4053, 4054, 4055, 4059, 4064, 4070, 4075, 4081, 4084, 4087, 4089, 4090, 4091, 4096, 4098, 4099, 4101, 4102, 4105, 4106, 4109, 4113, 4118, 4119, 4122, 4125, 4131, 4132, 4133, 4138, 4143, 4149, 4170, 4176, 4191, 4195, 4196, 4201, 4202, 4210, 4216, 4219, 4225, 4229, 4230, 4235, 4237, 4247, 4255, 4256, 4259, 4266, 4270, 4273, 4282, 4283, 4291, 4292, 4293, 4296, 4298, 4300, 4301, 4304, 4307, 4315, 4319, 4324, 4326, 4328, 4329, 4330, 4333, 4337, 4340, 4344, 4345, 4348, 4349, 4350, 4356, 4368, 4381, 4392, 4393, 4394, 4395, 4396, 4403, 4407, 4409, 4410, 4411, 4414, 4418, 4425, 4426, 4428, 4432, 4440, 4444, 4447, 4458, 4459, 4460, 4465, 4469, 4470, 4471, 4486, 4487, 4499, 4502, 4508, 4509, 4510, 4513, 4515, 4517, 4520, 4523, 4534, 4535, 4536, 4546, 4549, 4580, 4582, 4583, 4587, 4600, 4612, 4613, 4618, 4619, 4621, 4628, 4667, 4669, 4670, 4686, 4687, 4696, 4700, 4714, 4718, 4719, 4722, 4723, 4724, 4725, 4726, 4749, 4754, 4756, 4757, 4759, 4760, 4761, 4762, 4763, 4767, 4768, 4769, 4801, 4807, 4808, 4810, 4812, 4813, 4815, 4816, 4823, 4827, 4841, 4855, 4861, 4863, 4864, 4865, 4870, 4876, 4877, 4898, 4901, 4905, 4906, 4908, 4911, 4915, 4924, 4928, 4929, 4930, 4935, 4940, 4941, 4942, 4943, 4944, 4950, 4963, 4973, 4975, 4976, 4979, 4983, 4988, 4989, 4990, 4991, 4995, 4996, 4997, 4998, 4999, 5006, 5010, 5016, 5017, 5024, 5025, 5026, 5032, 5038, 5039, 5042, 5052, 5054, 5062, 5064, 5065, 5067, 5071, 5072, 5076, 
5078, 5079, 5086, 5087, 5097, 5105, 5135, 5136, 5138, 5143, 5148, 5155, 5159, 5164, 5165, 5166, 5167, 5170, 5174, 5181, 5182, 5183, 5184, 5189, 5194, 5195, 5196, 5198, 5201, 5202, 5205, 5219, 5221, 5222, 5223, 5225, 5226, 5227, 5230, 5235, 5238, 5239, 5246, 5247, 5249, 5258, 5259, 5260, 5263, 5264, 5265, 5266, 5269, 5270, 5278, 5279, 5284, 5286, 5287, 5291, 5301, 5308, 5309, 5310, 5322, 5323, 5327, 5328, 5331, 5335, 5336, 5339, 5340, 5342, 5346, 5351, 5353, 5354, 5355, 5358, 5359, 5360, 5364, 5367, 5372, 5373, 5376, 5378, 5379, 5382, 5385, 5389, 5400, 5408, 5414, 5420, 5424, 5429, 5430, 5434, 5437, 5440, 5443, 5444, 5451, 5454, 5458, 5459, 5463, 5466, 5469, 5472, 5476, 5486, 5489, 5491, 5500, 5501, 5505, 5507, 5513, 5535, 5545, 5546, 5548, 5549, 5555, 5561, 5565, 5569, 5570, 5579, 5584, 5585, 5586, 5589, 5590, 5592, 5595, 5598, 5599, 5610, 5611, 5634, 5635, 5641, 5642, 5643, 5644, 5645, 5648, 5653, 5660, 5662, 5667, 5671, 5673, 5675, 5677, 5679, 5683, 5687, 5690, 5702, 5711, 5713, 5714, 5724, 5727, 5728, 5729, 5739, 5741, 5752, 5753, 5759, 5766, 5807, 5808, 5826, 5833, 5836, 5839, 5840, 5849, 5862, 5863, 5865, 5869, 5872, 5873, 5874, 5877, 5878, 5887, 5892, 5901, 5907, 5911, 5912, 5918, 5937, 5938, 5940, 5945, 5949, 5955, 5959, 5969, 5979, 5987, 5998, 6000, 6001, 6009, 6012, 6019, 6020, 6022, 6024, 6025, 6027, 6028, 6039, 6050, 6065, 6066, 6071, 6072, 6075, 6076, 6077, 6078, 6080, 6084, 6085, 6086, 6087, 6090, 6092, 6094, 6096, 6098, 6102, 6105, 6122, 6123, 6129, 6130, 6131, 6134, 6135, 6145, 6148, 6184, 6185, 6186, 6187, 6188, 6189, 6190, 6191, 6193, 6199, 6203, 6204, 6211, 6216, 6225, 6226, 6227, 6233, 6237, 6240, 6242, 6265, 6271, 6273, 6296, 6297, 6305, 6315, 6320, 6336, 6346, 6350, 6356, 6357, 6358, 6359, 6363, 6364, 6370, 6374, 6384, 6385, 6386, 6389, 6401, 6402, 6413, 6414, 6416, 6417, 6422, 6425, 6459, 6479, 6480, 6481, 6482, 6487, 6489, 6490, 6496, 6498, 6501, 6502, 6504, 6510, 6511, 6512, 6515, 6518, 6531, 6532, 6545, 6547, 6557, 6572, 6581, 6582, 6603, 
6612, 6613, 6614, 6616, 6617, 6619, 6621, 6623, 6641, 6644, 6647, 6685, 6686, 6725, 6726, 6746, 6752, 6765, 6768, 6769, 6770, 6788, 6817, 6818, 6831, 6851, 6877, 6894, 6895, 6896, 6897, 6903, 6906, 6907, 6909, 6936, 6943, 6945, 6949, 6953, 6954, 6957, 6968, 6976, 6978, 6980, 7000, 7003, 7012, 7023, 7024, 7033, 7034, 7036, 7044, 7050, 7055, 7080, 7083, 7085, 7086, 7088, 7093, 7094, 7098, 7099, 7114, 7126, 7127, 7130, 7149, 7151, 7157, 7171, 7175, 7176, 7189, 7223, 7224, 7232, 7236, 7238, 7241, 7245, 7246, 7250, 7255, 7259, 7260, 7280, 7281, 7282, 7297, 7298, 7299, 7309, 7312, 7313, 7314, 7315, 7316, 7317, 7318, 7319, 7329, 7335, 7352, 7365, 7381, 7390, 7394, 7395, 7397, 7423, 7447, 7453, 7457, 7489, 7504, 7516, 7517, 7529, 7539, 7542, 7543, 7548, 7550, 7558, 7566, 7570, 7575, 7583, 7601, 7612, 7613, 7618, 7637, 7638, 7645, 7654, 7664, 7675, 7686, 7698, 7699, 7701, 7705, 7707, 7708, 7722, 7727, 7728, 7743, 7745, 7746, 7754, 7758, 7777, 7788, 7817, 7833, 7849, 7876, 7885, 7893, 7900, 7922, 7932, 7933, 7951, 7957, 8014, 8022, 8033, 8034, 8042, 8044, 8086, 8089, 8107, 8110, 8111, 8112, 8115, 8124, 8125, 8140, 8142, 8143, 8163, 8164, 8170, 8177, 8178, 8180, 8181, 8183, 8202, 8203, 8217, 8219, 8221, 8225, 8234, 8235, 8249, 8270, 8273, 8286, 8287, 8288, 8289, 8290, 8292, 8294, 8298, 8300, 8303, 8310, 8322, 8325, 8332, 8340, 8341, 8348, 8353, 8370, 8373, 8382, 8388, 8390, 8391, 8412, 8413, 8414, 8416, 8417, 8422, 8424, 8427, 8431, 8433, 8437, 8438, 8442, 8443, 8446, 8449, 8458, 8466, 8471, 8475, 8477, 8478, 8495, 8497, 8499, 8526, 8527, 8534, 8535, 8536, 8541, 8549, 8557, 8562, 8576, 8606, 8607, 8611, 8623, 8632, 8647, 8650, 8655, 8670, 8678, 8699, 8700, 8701, 8702, 8711, 8724, 8734, 8735, 8736, 8737, 8755, 8759, 8780, 8781, 8784, 8800, 8810, 8819, 8828, 8832, 8837, 8838, 8843, 8850, 8851, 8863, 8876, 8888, 8892, 8894, 8904, 8910, 8913, 8921, 8923, 8929, 8939, 8948, 8954, 8957, 8961, 8974, 8977, 8978, 8982, 8983, 8993, 9022, 9023, 9028, 9030, 9032, 9036, 9038, 9040, 9050, 
9057, 9061, 9086, 9091, 9092, 9093, 9095, 9098, 9102, 9110, 9111, 9121, 9131, 9133, 9134, 9139, 9140, 9145, 9155, 9162, 9164)');

var_dump( strlen($m) );

Expected result:
----------------
int(30861)

Actual result:
--------------
Crash with apache2handler (Apache/2.2.15 (Win32) mod_ssl/2.2.15 OpenSSL/0.9.8m proxy_html/2.5 PHP/5.3.3RC2).

 [2010-07-14 17:07 UTC] pajoye@php.net
-Status: Open +Status: Bogus
 [2010-07-14 17:07 UTC] pajoye@php.net
Increase the stack for Apache and the crash should be gone. There are tools to do that for binaries (I don't have the link at hand but other PCRE bugs contain an explanation).
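
Added example, not part of the report or the reply above and not PHP project code: an application-level guard that complements a larger stack by lowering `pcre.recursion_limit` around the call, so a match that recurses too deeply makes `preg_replace()` return `NULL` with an error code instead of exhausting the thread stack. The function name `guarded_preg_replace`, the limit of 5000, the simplified pattern and the sample subject are assumptions constructed for illustration; a safe limit depends on the stack size of the process running PHP.

```php
<?php
// Added example (hypothetical helper, not GeSHi or PHP project code).
// Runs preg_replace() with a temporarily lowered pcre.recursion_limit.
function guarded_preg_replace($pattern, $replacement, $subject, $recursionLimit = 5000)
{
    $previous = ini_set('pcre.recursion_limit', (string) $recursionLimit);
    $result = preg_replace($pattern, $replacement, $subject);
    $error = preg_last_error();
    if ($previous !== false) {
        ini_set('pcre.recursion_limit', $previous); // restore the old limit
    }
    if ($result !== null) {
        return $result;
    }
    // preg_replace() returned NULL: translate the PCRE error code to its name.
    $names = array(
        PREG_NO_ERROR              => 'NULL result without a PCRE error code',
        PREG_INTERNAL_ERROR        => 'PREG_INTERNAL_ERROR',
        PREG_BACKTRACK_LIMIT_ERROR => 'PREG_BACKTRACK_LIMIT_ERROR',
        PREG_RECURSION_LIMIT_ERROR => 'PREG_RECURSION_LIMIT_ERROR',
        PREG_BAD_UTF8_ERROR        => 'PREG_BAD_UTF8_ERROR',
    );
    if (defined('PREG_JIT_STACKLIMIT_ERROR')) { // constant exists from PHP 7.0
        $names[PREG_JIT_STACKLIMIT_ERROR] = 'PREG_JIT_STACKLIMIT_ERROR';
    }
    $name = isset($names[$error]) ? $names[$error] : 'error code ' . $error;
    throw new RuntimeException('preg_replace aborted: ' . $name);
}

// Constructed sample input: a long comma-separated number list, shaped like
// the subject string in the report but not a copy of it.
$subject = '(' . implode(', ', range(1, 2000)) . ')';

// Simplified pattern constructed for this example (not the GeSHi regex):
// the lookahead walks the rest of the subject one character per group iteration.
$pattern = '/\d+(?!(?:<DOT>|[^<])+>)/';

try {
    // Depending on the PCRE build and JIT setting, this either returns the
    // rewritten string or throws because the recursion limit was reached.
    $out = guarded_preg_replace($pattern, '<|/NUM!0/>\0|>', $subject);
    echo strlen($out), "\n";
} catch (RuntimeException $e) {
    // Log and degrade gracefully, e.g. emit the text without highlighting.
    error_log($e->getMessage());
}
```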
 