php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41306 preg_replace_callback segfaults on certain regexp
Submitted: 2007-05-06 19:12 UTC Modified: 2007-05-07 12:38 UTC
From: Sjon at hortensius dot net Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 4.4.7 OS: Linux 2.6.20
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: Sjon at hortensius dot net
New email:
PHP Version: OS:

 

 [2007-05-06 19:12 UTC] Sjon at hortensius dot net 
Description:
------------
Although other regexps work fine; this one crashes since 4.4.7 is installed

Reproduce code:
---------------
<?PHP
$x = new x();

class x {
        function y($matches){
                echo 'no problem!';
        }

        function x(){
                preg_replace_callback('~\{([a-zA-Z\-_]{0,50})@([a-zA-Z_\d]{1,50})\}((?:(?:\{[a-zA-Z.\-_\d]{1,50}\}|[^\{\}]*)(\{,\})?)*)\{\1/\}~sU', array(&$this, 'y'), '{@function}argument{/}');
        }
}
?>

Expected result:
----------------
I would expect the x::y function to be ran by preg_replace_callback

Actual result:
--------------
[Sun May 06 20:47:49 2007] [notice] child pid 26044 exit signal Segmentation fault (11)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-05-06 19:20 UTC] Sjon at hortensius dot net 
The backtrace is _very_ long. Here is the first part:

Program received signal SIGSEGV, Segmentation fault.
match (eptr=0x82a3b47 "argument{/}", ecode=0x82a37a5 "O", offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11366)
    at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:372
372     /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c: No such file or directory.
        in /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c
(gdb) bt
#0  match (eptr=0x82a3b47 "argument{/}", ecode=0x82a37a5 "O", offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11366)
    at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:372
#1  0x0807e197 in match (eptr=0x82a3b47 "argument{/}", ecode=<value optimized out>, offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11365)
    at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1187
#2  0x0807a5e0 in match (eptr=<value optimized out>, ecode=<value optimized out>, offset_top=<value optimized out>, md=0xbfeac6ac, ims=4, eptrb=0x0, 
    flags=<value optimized out>, rdepth=11364) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1082
#3  0x0807e560 in match (eptr=<value optimized out>, ecode=<value optimized out>, offset_top=<value optimized out>, md=0xbfeac6ac, ims=4, eptrb=0x0, 
    flags=<value optimized out>, rdepth=11363) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1740
 [2007-05-07 12:38 UTC] tony2001@php.net 
Please search the database before submitting new reports.
Stack overflow in PCRE is known problem and there is not much we can do about it, since it's a problem of PCRE library.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 10:01:28 2025 UTC