php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #40909 Segmentation Fault with preg_match_all
Submitted: 2007-03-24 17:46 UTC Modified: 2007-03-26 11:47 UTC
Votes:3
Avg. Score:4.0 ± 1.4
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:2 (66.7%)
From: adrynet at tiscali dot it Assigned:
Status: Not a bug Package: *Regular Expressions
PHP Version: 4.4.6 OS: Linux Fedora / Redhat / CentOS
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: adrynet at tiscali dot it
New email:
PHP Version: OS:

 

 [2007-03-24 17:46 UTC] adrynet at tiscali dot it 
Description:
------------
Good morning,
executing preg_match_all() function with this Regular Expression causes a PHP Segmentation Fault.

The following code works correctly both with previous versions of PHP and PHP 5.2.1.

Thank you for support
Adriano C.

Reproduce code:
---------------
<?php
            
$pattern = "/\s([\w_\.\/]+)(?:=([\'\"]?(?:[\w\d\s\?=\(\)\.,'_#\/\\:;&-]|(?:\\\\\"|\\\')?)+[\'\"]?))?/";
$context = "<simpletag an_attribute=\"simpleValueInside\">";

$match = array();

if ($result =preg_match_all($pattern, $context, $match))
{

var_dump($result);
}


?>

Expected result:
----------------
int(1)

Actual result:
--------------
Segmentation Fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-03-25 22:36 UTC] judas dot iscariote at gmail dot com 
reproducible with CVS 5_2 too.

 gdb --args ./sapi/cli/php ~/preg.php

(gdb) run
Starting program: /home/cristian/php5/sapi/cli/php /home/cristian/preg.php
Program received signal SIGSEGV, Segmentation fault.
0x0000000000453d2d in match (eptr=Cannot access memory at address 0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
372     {
(gdb) bt full
#0  0x0000000000453d2d in match (eptr=Cannot access memory at address 0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
        rrc = Cannot access memory at address 0x7fff5c974c48
(gdb)
 [2007-03-26 10:07 UTC] tony2001@php.net 
Yet another PCRE stack overflow.
We got new INI options in PHP5 in order to "limit" the appetite of PCRE, though they do not really fix the problem in PCRE library, which is known to overflow the stack on certain expressions and there are no plans on adding these options to PHP4.
 [2007-03-26 10:48 UTC] adrynet at tiscali dot it 
Hi Tony,
It's strange because with PHP 4.4.6 we got Segmentation Fault using preg_match_all() on with same regex pattern on the same source text that both in previous versions of PHP 4.4.x and 5.x works perfectly.

So why in this release PCRE should have "more appetite" on the same usage?

Have a nice day
Adriano C.
 [2007-03-26 10:59 UTC] tony2001@php.net 
>So why in this release PCRE should have "more appetite" on the same
usage
You're asking wrong person, I can't answer your question since I'm not the author of PCRE.
 [2007-03-26 11:06 UTC] adrynet at tiscali dot it 
>You're asking wrong person, I can't answer your question since I'm not
the author of PCRE.

Thanks for reply Tony. Do you know if 4.4.6 uses a new release of PCRE and so we have this behaviour?

Have a nice day
Adriano C.
 [2007-03-26 11:18 UTC] tony2001@php.net 
Yes, PHP 4.4.6 (as well as PHP 5.2.2) has PCRE 7.0 bundled.
 [2007-03-26 11:47 UTC] adrynet at tiscali dot it 
> Yes, PHP 4.4.6 (as well as PHP 5.2.2) has PCRE 7.0 bundled.

So if is PCRE 7.0 the root cause we have to expect a Segmentation Fault even in the next PHP 5.x update :| ?

thanks
Adriano C.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 22 17:01:31 2024 UTC