Bug #44229 Too many subpattern matches cause segfault
Submitted: 2008-02-23 22:52 UTC
Modified: 2008-02-23 23:46 UTC
Votes: 2
Avg. Score: 5.0 ± 0.0
Reproduced: 2 of 2 (100.0%)
Same Version: 2 (100.0%)
Same OS: 2 (100.0%)
From: martin dot kevin at gmail dot com
Assigned:
Status: Not a bug
Package: PCRE related
PHP Version: 5.2CVS-2008-02-23 (snap)
OS: Debian
Private report: No
CVE-ID: None
 [2008-02-23 22:52 UTC] martin dot kevin at gmail dot com
Description:
------------
Matching a string against a pattern that will have many subpattern matches causes a segmentation fault.

Reproduce code:
---------------
#!/usr/bin/env php
<?php
$testPattern = <<< EOS
/([^"])+/
EOS;

$testString = '"';

for ( $count = 0; $count < 1030; $count++ )
   $testString .= '\x90';

for ( $count = 1030; $count < 4000; $count++ )
{
   $testString .= '\x90';

   echo "$count\n";

   preg_match ( $testPattern, $testString . '"', $matches );
}

exit ( 0 );
?>


Expected result:
----------------
Over 1000 matches:

[...]
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045

Actual result:
--------------
Segmentation fault at either 1037 or 1038:

1030
1031
1032
1033
1034
1035
1036
1037
1038
Segmentation fault

Note that this seems to vary where it fails; either after 1037 matches or 1038 matches.

 [2008-02-23 23:46 UTC] felipe@php.net
See:
Bug#33468
Bug#39387
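
A defensive wrapper for the pattern in this report, added here as an example and not code from the report or from PHP itself. It assumes the crash comes from the regex engine recursing on the stack once per repetition of the group, which the report does not state; `pcre.recursion_limit` is an existing PHP ini setting, while `guarded_preg_match()` and the limit of 500 are hypothetical.

```php
<?php
// Added example, not code from the bug report. guarded_preg_match() and the
// limit of 500 are hypothetical names/values chosen for illustration.

// Run preg_match() under a lowered pcre.recursion_limit so that a match that
// nests too deeply returns an error instead of exhausting the process stack.
function guarded_preg_match($pattern, $subject, $limit = 500)
{
    $old = ini_set('pcre.recursion_limit', (string) $limit);
    $matches = array();
    $result = preg_match($pattern, $subject, $matches);
    $error = preg_last_error();          // read before any other preg_* call
    if ($old !== false) {
        ini_set('pcre.recursion_limit', $old);   // restore the previous limit
    }
    // preg_match() returns false on error; 0 means "ran fine, no match".
    return array(
        'ok'      => $result !== false,
        'matched' => $result === 1,
        'error'   => $error,              // a PREG_*_ERROR constant
        'length'  => isset($matches[0]) ? strlen($matches[0]) : 0,
    );
}

// Constructed input with the same shape as the report: a quote, a long run
// of non-quote characters, a closing quote.
$subject = '"' . str_repeat('\x90', 4000) . '"';

$patterns = array(
    'group repeated per character (as reported)' => '/([^"])+/',
    // Repeating inside the group matches the same run without one group
    // iteration per character. Group 1 then holds the whole run rather than
    // only its last character.
    'repeat inside the group'                    => '/([^"]+)/',
);

foreach ($patterns as $label => $pattern) {
    $r = guarded_preg_match($pattern, $subject);
    if (!$r['ok']) {
        // Treat an engine error as a rejected input, never as "no match".
        printf("%s: PCRE error code %d\n", $label, $r['error']);
    } else {
        printf("%s: matched=%s, length=%d\n", $label,
            $r['matched'] ? 'yes' : 'no', $r['length']);
    }
}
```

Whether the first pattern reports an error or matches depends on the PHP and PCRE build in use, so callers should check the `ok` field instead of relying on a particular error code.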
 