Bug #37397 Win32 PHP crash
Submitted: 2006-05-10 12:25 UTC Modified: 2006-05-12 09:37 UTC
From: alex at onix-systems dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.1.4 OS: WinXP
Private report: No CVE-ID: None

 [2006-05-10 12:25 UTC] alex at onix-systems dot com
Description:
------------
Can be reproduced on Win32. Works fine under Linux.
Appeared in PHP-5.1.3 and still exists in PHP-5.1.4

The following code results in a stack overflow and a PHP crash.
Code works fine if $a < 1560

Reproduce code:
---------------
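<?php
// Build a subject string of 1561 't' characters.
$value = "";
for( $a=0; $a < 1561; $a++ ) {
	$value .= "t";
}
// Split on the pattern from the report; this is the call that crashes.
$res = preg_split(
'/(?:(?:(?:(?<!\\\\)(?:[\\\\](?:[\\\\]{2})*))+[\$])|[^\$])*/', $value
);
?>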

Expected result:
----------------
nothing in this example

Actual result:
--------------
PHP crash

 [2006-05-10 12:42 UTC] derick@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip
 [2006-05-10 13:04 UTC] alex at onix-systems dot com
It crashes as well.
 [2006-05-11 20:41 UTC] edink@php.net
Using nested quantifiers will use up all available stack, there is nothing we can do about this.
 [2006-05-12 08:58 UTC] alex at onix-systems dot com
This is a very strange explanation. I would believe it, but this worked fine in previous versions of PHP (5.1.2 and lower) and also works fine under Linux even in new versions. There is definitely some issue in the Win32 build. Don't you think so?
 [2006-05-12 09:07 UTC] tony2001@php.net
It was a very clear explanation and we have nothing to add.
Overfilling the stack won't work with any version.
 [2006-05-12 09:28 UTC] alex at onix-systems dot com
Sorry to bother you again, but what do you mean by "won't work with any version"? As I already stated, this PHP script works in PHP version 5.1.2 (Win32 and Linux) and also works in PHP 5.1.4 under Linux. So this is a correct regular expression that worked before but does not work now.
 [2006-05-12 09:37 UTC] tony2001@php.net
What exactly is not clear? You're smashing the stack.
It may or may not work for you depending on the stack size and other conditions.
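
The stack exhaustion discussed in this thread can be turned into a catchable error by bounding PCRE before the call and checking preg_last_error() afterwards. The following is an added example, not code from the report or from the PHP project; the function name bounded_preg_split, the length cap and the limit values are assumptions, and it needs PHP 7.0 or later.

```php
<?php
// Added example. Names and limit values are assumptions, not PHP defaults.
// pcre.recursion_limit / pcre.backtrack_limit exist since PHP 5.2.0, pcre.jit since 7.0.
function bounded_preg_split(string $pattern, string $subject, int $maxLen = 65536): array
{
    // Reject oversized input before it reaches the regex engine.
    if (strlen($subject) > $maxLen) {
        throw new LengthException("subject longer than $maxLen bytes");
    }

    // Tighten the PCRE limits for this call only, then restore them.
    $limits = [
        'pcre.recursion_limit' => '2000',    // assumed value; size it to the thread stack
        'pcre.backtrack_limit' => '100000',  // assumed value
        'pcre.jit'             => '0',       // JIT ignores the recursion limit
    ];
    $saved = [];
    foreach ($limits as $key => $value) {
        $saved[$key] = ini_set($key, $value); // false if the setting is unavailable
    }
    try {
        $parts = preg_split($pattern, $subject);
        $code  = preg_last_error();
    } finally {
        foreach ($saved as $key => $value) {
            if ($value !== false) {
                ini_set($key, $value);
            }
        }
    }
    $names = [
        PREG_INTERNAL_ERROR        => 'internal error',
        PREG_BACKTRACK_LIMIT_ERROR => 'backtrack limit reached',
        PREG_RECURSION_LIMIT_ERROR => 'recursion limit reached',
        PREG_JIT_STACKLIMIT_ERROR  => 'JIT stack limit reached',
    ];
    if ($parts === false || $code !== PREG_NO_ERROR) {
        throw new RuntimeException('preg_split failed: ' . ($names[$code] ?? "code $code"));
    }
    return $parts;
}

// Constructed input: the pattern and subject length from the report above.
$pattern = '/(?:(?:(?:(?<!\\\\)(?:[\\\\](?:[\\\\]{2})*))+[\$])|[^\$])*/';
try {
    echo count(bounded_preg_split($pattern, str_repeat('t', 1561))), " parts\n";
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

A recursion limit set higher than the stack can hold still lets the process crash, so the value has to be sized to the smallest stack the code runs on.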
 