PHP :: Bug #60903 :: preg_match + operator fails with string exceeding length 18

Bug #60903	preg_match + operator fails with string exceeding length 18
Submitted:	2012-01-27 15:50 UTC	Modified:	2012-01-27 20:56 UTC
From:	gohanman at gmail dot com	Assigned:
Status:	Not a bug	Package:	PCRE related
PHP Version:	5.3.9	OS:	Ubuntu
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	gohanman at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2012-01-27 15:50 UTC] gohanman at gmail dot com

Description:
------------
I'm trying to validate email addresses via regular expression. My regular expression fails if the first domain portion is longer than 18 characters. Overall string length does not seem relevant. Decreasing the length of the user portion or TLD does not make a 19+ character domain portion work.

Test script:
---------------
function is_email($str){
        if(preg_match("/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,4})$/i", $str))
                return True;
        return False;
}

var_dump(is_email("user@123456789012345678.com"));
var_dump(is_email("user@1234567890123456789.com"));

Expected result:
----------------
bool(true);
bool(true);

Actual result:
--------------
bool(true);
bool(false);

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-01-27 20:54 UTC] felipe@php.net

Are you really using 5.3.9 with the built-in PCRE library?
Your test case works just fine here.

If it returns false, you can check preg_last_error() and adjust the INI configuration accordingly. About crashing, it's known behavior from PCRE library, take a look at the PCRE documentation for more information.

[2012-01-27 20:54 UTC] felipe@php.net

-Status: Open +Status: Not a bug -Package: Regexps related +Package: PCRE related

[2012-01-27 20:56 UTC] nikic@php.net

This is not a PHP bug. Your regex is written somewhat inefficiently (and doesn't do what you expect it to) and thus seems to quickly hit the backtracking limit. Btw, I can't repro it on 5.3, only 5.2.

What you actually wanted to write is /^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i (not the \.).

By the way, we encourage you to use filter_var with FILTER_VALIDATE_EMAIL instead of a custom regex. Custom solutions usually are much too restrictive and disallow many valid emails.

[2012-01-27 20:56 UTC] nikic@php.net

-Package: PCRE related +Package: Regexps related

[2012-01-27 20:56 UTC] nikic@php.net

-Package: Regexps related +Package: PCRE related

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Dec 03 17:00:01 2025 UTC