php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #54317 Regexp crashes Apache/PHP
Submitted: 2011-03-19 16:05 UTC Modified: 2016-08-20 12:11 UTC
Votes:4
Avg. Score:3.2 ± 1.5
Reproduced:3 of 4 (75.0%)
Same Version:1 (33.3%)
Same OS:3 (100.0%)
From: christian dot achatz at adventure-php-framework Assigned: cmb (profile)
Status: Not a bug Package: PCRE related
PHP Version: 5.3.6 OS: Windows
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: christian dot achatz at adventure-php-framework
New email:
PHP Version: OS:

 

 [2011-03-19 16:05 UTC] christian dot achatz at adventure-php-framework 
Description:
------------
---
From manual page: http://www.php.net/function.preg-replace#Description
---
Calling the script below apache crashes on windows installations. After removing almost any of the lines inside $notworking apache will NOT crash, no matter which line was removed in most cases.


Here is the system list that causes a crash or not:

Windows 7 SP1 (64bit) | XAMPP | Apache/2.2.17 (Win32) | PHP 5.3.5 | <<<<<<< CRASH!
Windows XP (32+64bit) | XAMPP | Apache 2.2.17 | PHP 5.3.5 | <<<<<<< CRASH!
WinXP 32Bit / Apache 2.2.17 / PHP 5.2.14 <<<<<<< CRASH!
Fedora 32Bit / Apache 2.2.15 / PHP 5.3.3 --> OK
Ubuntu 10.10 32Bit / Apache2 2.2.16 / PHP 5.3.3 -> OK

Test script:
---------------
<?php
echo 'Is the following crashing apache or whatever?<br />'.PHP_EOL;

// After removing almost any of the lines inside $notworking apache will NOT crash, no matter which line was removed in most cases.

$notworking = '<?php

//<*IslandStorageBase:start*> DO NOT CHANGE THIS COMMENT!
/**
* Automatically generated BaseObject for IslandStorage. !!DO NOT CHANGE THIS BASE-CLASS!!
* CHANGES WILL BE OVERWRITTEN WHEN UPDATING!!
* You can change class "IslandStorage" which will extend this base-class.
*/
class IslandStorageBase extends AbstractSimpleStorage {
}
<*IslandStorageBase:end*>
?>';

$content = preg_replace(
  '%//<\*IslandStorageBase:start\*>(.)+<\*IslandStorageBase:end\*>%s',
  'test',
  $notworking
);

echo 'If you can see this everything seems to be working fine.';

?>

Expected result:
----------------
Is the following crashing apache or whatever?
If you can see this everything seems to be working fine.

Actual result:
--------------
Apache crashes with the following log entry:

Parent: child process exited with status xyz -- Restarting.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-19 17:56 UTC] pajoye@php.net
-Status: Open +Status: Bogus
 [2011-03-19 17:56 UTC] pajoye@php.net 
Stack size problem. You can run the script through the CLI sapi to see that PHP 
actually works. However Apache has a smaller stack and causes such regexp to crash 
(or similar side effect). Increase the stack of Apache to fix this problem. Use 
Editbin for that: http://msdn.microsoft.com/en-us/library/d25ddyfc(v=VS.80).aspx
 [2011-03-19 17:56 UTC] pajoye@php.net
-Status: Bogus +Status: To be documented
 [2011-03-19 17:56 UTC] pajoye@php.net 
Maybe worth adding my last comment to the PHP manual.
 [2011-03-25 10:22 UTC] christian dot achatz at adventure-php-framework 
Thanks for your analysis. I'll try the solution described on the MSDN article.
 [2016-08-20 10:37 UTC] cmb@php.net
-Package: Regexps related +Package: PCRE related
 [2016-08-20 12:11 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2016-08-20 12:11 UTC] cmb@php.net 
The potential stack exhaustion is alread noted in the manual, see
<http://php.net/manual/en/pcre.configuration.php#ini.pcre.recursion-limit>.
More detailed information might quickly become out-dated.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jul 03 12:01:33 2025 UTC