Bug #53099 mb_ereg_replace uses 100% cpu and takes >10 minutes to execute.
Submitted: 2010-10-18 17:28 UTC Modified: 2016-08-20 15:24 UTC
Votes:4
Avg. Score:3.2 ± 0.4
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:0 (0.0%)
From: phpnet at rcpt dot at Assigned: cmb (profile)
Status: Not a bug Package: mbstring related
PHP Version: 5.3.3 OS: Ubuntu 9.10
Private report: No CVE-ID: None
 [2010-10-18 17:28 UTC] phpnet at rcpt dot at
Description:
------------
I have written a mb_trim function in php which uses ereg_replace to trim strings in the same manner as trim() does.

The function is available at http://php.net/manual/en/ref.mbstring.php
Under the heading 'phpnet at rcpt dot at - 19-Aug-2010 02:46'

Using the string excerpt from our production environment (http://pastebin.com/wmyjPmBV), ereg_replace appears to enter some sort of recursive loop; in my environment it takes 100% CPU for 20 minutes before finally returning the correct result.

When the section which reads: array( "\s","\t","\n","\r", "\0", "\x0B" )

...is changed to array( "\s", "\0", "\x0B" ) then ereg_replace returns promptly with the correct result.



Test script:
---------------
The function is available at http://php.net/manual/en/ref.mbstring.php
Under the heading 'phpnet at rcpt dot at - 19-Aug-2010 02:46'

It is also available here:
http://pastebin.com/CCpaVXay

The (serialized) string that causes the problem is:
s:488:"<I>Swans	</I>																						Wisely moving from the middle of July to the middle of autumn, this indoor, forward-thinking avant-rock weekend brings together all sorts of fiercely experimental noisemakers, from psychedelic-folk to death metal, with a hotly anticipated headline set from Michael Gira's New York noise inspiration Swans. Don't expect many stony-faced rock nerds, though. The organisers serve tea and cake throughout and they're promising other fun and games this year.";


It is also available for download here:
http://pastebin.com/wmyjPmBV

You can execute the script with the following syntax:
<?php mb_trim( $string );

Expected result:
----------------
PHP will return the correct result quickly.

Actual result:
--------------
PHP will run at 100% CPU for 20 minutes.

 [2010-10-18 22:32 UTC] felipe@php.net
-Package: Regexps related +Package: mbstring related
 [2010-10-18 22:32 UTC] felipe@php.net
s/ereg_replace/mb_ereg_replace/g :)
 [2010-10-18 22:38 UTC] felipe@php.net
-Summary: ereg_replace uses 100% cpu and takes >10 minutes to execute. +Summary: mb_ereg_replace uses 100% cpu and takes >10 minutes to execute.
 [2010-10-19 12:52 UTC] phpnet at rcpt dot at
Thanks felipe, sorry about that; to avoid confusion, I mean 'mb_ereg_replace' not 'ereg_replace'.
 [2010-11-07 14:52 UTC] felipe@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: moriyoshi
 [2016-07-30 13:06 UTC] ju1ius at laposte dot net
This is not a bug, this is catastrophic backtracking.
http://www.regular-expressions.info/catastrophic.html

The second pattern in your function is problematic:
`(\s|\t|\n\r)*$`
All regexp engines will choke on that.
 [2016-08-20 15:24 UTC] cmb@php.net
-Status: Assigned +Status: Not a bug -Assigned To: moriyoshi +Assigned To: cmb
 [2016-08-20 15:24 UTC] cmb@php.net
> The second pattern in your function is problematic:
> `(\s|\t|\n\r)*$`

Indeed. Request #72777 appears to be helpful in this regard.
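
The backtracking named in the comments above can be made concrete by counting steps. This is an added example, not code from the report or from PHP: a simplified model of a backtracking matcher (not Oniguruma itself) for patterns of the shape `(a|b|...)*$`, run on a constructed string of tabs followed by a non-whitespace character. All function names are hypothetical.

```python
WS = set(" \t\n\r\f\v")  # assumption: \s modelled as ASCII whitespace

def one_of(chars):
    """Alternative that consumes one character found in `chars`."""
    return lambda text, pos: 1 if pos < len(text) and text[pos] in chars else 0

def literal(s):
    """Alternative that consumes the literal string `s`."""
    return lambda text, pos: len(s) if text.startswith(s, pos) else 0

def match_at(alternatives, text, start):
    """Try (alt1|alt2|...)*$ at `start` with plain backtracking.
    Returns (matched, steps); steps counts the positions visited."""
    steps = 0
    def attempt(pos):
        nonlocal steps
        steps += 1
        for alt in alternatives:        # greedy: try one more repetition first
            n = alt(text, pos)
            if n and attempt(pos + n):
                return True
        return pos == len(text)         # no repetition worked: `$` must hold here
    return attempt(start), steps

def search(alternatives, text):
    """Unanchored search: retry at every start position, as an engine does.
    Returns (match start or None, total steps)."""
    total = 0
    for start in range(len(text) + 1):
        ok, steps = match_at(alternatives, text, start)
        total += steps
        if ok:
            return start, total
    return None, total

AMBIGUOUS = [one_of(WS), one_of("\t"), literal("\n\r")]  # (\s|\t|\n\r)*$
CHAR_CLASS = [one_of(WS)]                                # [\s]*$, one way per char

def demo(n):
    """Steps for both patterns on n tabs followed by 'x' (constructed input)."""
    text = "\t" * n + "x"
    return search(AMBIGUOUS, text)[1], search(CHAR_CLASS, text)[1]

if __name__ == "__main__":
    for n in (4, 8, 12, 16):
        print(n, *demo(n))
```

Each tab can be consumed by either `\s` or `\t`, so the step count doubles with every extra tab in the run, while the single character class grows only quadratically across all start positions.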
 