PHP :: Bug #13170 :: Crash Bug. ereg() with null regex

Bug #13170	Crash Bug. ereg() with null regex
Submitted:	2001-09-06 04:33 UTC	Modified:	2001-12-14 12:54 UTC
From:	yasuo_ohgaki at yahoo dot com	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	4.0CVS-2001-09-06	OS:	RedHat 7.1
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	yasuo_ohgaki at yahoo dot com
New email:
PHP Version:		OS:

New Comment:

[2001-09-06 04:33 UTC] yasuo_ohgaki at yahoo dot com

I found this bug while trying to find other memory problem. PHP4.0.7RC1 has different problem with null regex. Problem under PHP4.0.7RC1 cannot reproduce easily, but I think null regex isn't handle well in PHP4.0.7RC1 also.

Program received signal SIGSEGV, Segmentation fault.
0x5f656475 in ?? ()
(gdb) bt
#0  0x5f656475 in ?? ()
#1  0x406304ea in zm_activate_basic (type=1, module_number=5) at basic_functions.c:1040
#2  0x405a4a15 in module_registry_request_startup (module=0x8108e68) at zend_API.c:1145
#3  0x405a7776 in zend_hash_apply (ht=0x4073f240, apply_func=0x405a49e0 <module_registry_request_startup>) at zend_hash.c:669
#4  0x405a0d19 in zend_activate_modules () at zend.c:572
#5  0x405b2143 in php_request_startup () at main.c:685
#6  0x405ae6ef in apache_php_module_main (r=0x817e168, display_source_mode=0) at sapi_apache.c:67
#7  0x405af5e8 in send_php (r=0x817e168, display_source_mode=0, filename=0x817fe58 "/home/yohgaki/public_html/bugs/memory_4.0.7RC1/case3/test.php") at mod_php4.c:575
#8  0x405af662 in send_parsed_php (r=0x817e168) at mod_php4.c:590
#9  0x08055927 in ap_invoke_handler () at eval.c:41
#10 0x08069bdb in process_request_internal () at eval.c:41
#11 0x08069c3c in ap_process_request () at eval.c:41
#12 0x08061011 in child_main () at eval.c:41
#13 0x080611e0 in make_child () at eval.c:41
#14 0x08061354 in startup_children () at eval.c:41
#15 0x080619a3 in standalone_main () at eval.c:41
#16 0x080621db in main () at eval.c:41
#17 0x400a3177 in __libc_start_main (main=0x8061e28 <main>, argc=2, ubp_av=0xbffff9dc, init=0x804fa20 <_init>, fini=0x8099f6c <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff9d4) at ../sysdeps/generic/libc-start.c:129


Script is not shortest, but I thinks it's short enough
<?php
function foo()
{
	$tmp = null;
	$str = 'abc';
	$regex = '';
	echo "foo() called<br>\n";
	if (!eregi($regex,$str,$regs)) {
		return $tmp;
	}
}

function bar() 
{
	// just call foo()
	foo();
}

bar();
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-09-06 04:42 UTC] sterling@php.net

it works fine for me with the latest CVS, are you *sure* you tested it with the CVS version (as of today :)  If so, reopen, I just tried your example (same system type), and didn't get a segfault, just an appropriate error.

[2001-09-06 06:01 UTC] yasuo_ohgaki at yahoo dot com

I think the source is last night or the day bofore. PHP doesn't segfault with current CVS. 

I'll update CVS & build before reporting a bug next time. Sorry for bothering you.

[2001-12-14 12:54 UTC] yohgaki@php.net

Just notice this was fixed one

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed May 07 19:01:32 2025 UTC