php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49697 preg_replace crashes my system.
Submitted: 2009-09-28 05:26 UTC Modified: 2010-06-22 00:26 UTC
From: donquixote dot phplist at googlemail dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2.11 OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: donquixote dot phplist at googlemail dot com
New email:
PHP Version: OS:

 

 [2009-09-28 05:26 UTC] donquixote dot phplist at googlemail dot com 
Description:
------------
I found a regex / text combination that causes my apache to crash / restart with preg_replace. The example is a reduced version of Drupal's CSS compression regex.

The regex is not overly complex, and the text is not overly long.

Reproducing this depends on system configuration: On my webspace it does not crash.
But, on my localhost it always crashes with this regex / text combination. Removing a few letters in the text (no matter which) makes the bug not happen.

More info in the linked file.

So:
It seems that preg_replace is not the most robust piece of code. No matter what you feed it, it should never ever crash!

And, btw:
I was going to report this as a comment on http://bugs.php.net/bug.php?id=46551, but the comment form results in an error page.
("Authentication failed: Incorrect username 
Warning: Cannot modify header information - headers already sent by (output started at /home/Web/sites/php-bugs-web/include/auth.inc:30) in /home/Web/sites/php-bugs-web/bug.php on line 232")

Reproduce code:
---------------
standalone script at
http://drupal.org/files/issues/test.php__1.txt

posted here
http://drupal.org/node/444228#comment-2089300

Expected result:
----------------
preg_replace should do its job (compressing the CSS).
Or show a meaningful error message, if there is a valid reason why this is not possible.

Actual result:
--------------
Apache crash / restart, with no useful error message in error.log, except the usual restart messages.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-09-28 06:57 UTC] jani@php.net 
From php.ini-dist:

[Pcre]
;PCRE library backtracking limit.
;pcre.backtrack_limit=100000

;PCRE library recursion limit. 
;Please note that if you set this value to a high number you may consume all 
;the available process stack and eventually crash PHP (due to reaching the 
;stack size limit imposed by the Operating System).
;pcre.recursion_limit=100000

So you should tune these to be such that it won't crash anymore.
 [2009-10-06 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-25 20:53 UTC] felipe@php.net 
Not a PHP bug.
 [2010-06-22 00:26 UTC] felipe@php.net
-Status: No Feedback +Status: Bogus
 [2010-06-22 00:26 UTC] felipe@php.net 
.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri May 09 15:01:27 2025 UTC