PHP :: Bug #73724 :: AddressSanitizer: stack-overflow pcre_exec.c:6359 in php_pcre

Bug #73724	AddressSanitizer: stack-overflow pcre_exec.c:6359 in php_pcre_exec
Submitted:	2016-12-12 15:51 UTC	Modified:	2016-12-12 16:10 UTC
From:	rs at revskills dot cz	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	7.1.0	OS:	linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	rs at revskills dot cz
New email:
PHP Version:		OS:

New Comment:

[2016-12-12 15:51 UTC] rs at revskills dot cz

Description:
------------
AddressSanitizer: stack-overflow pcre_exec.c:6359 in php_pcre_exec

Test script:
---------------
<?php

function replace_variables($text, $params) {
	
	$c = function($matches) use (&$params, &$text) {
		$text = preg_replace( '/(\?)/', array_shift( $params ), $text, 1 );
echo replace_variables('a=?, b=?', array('0', '1')) . "\n";
	};

	preg_replace_callback( '/(\?)/', $c, $text );
	
	return $text;
}

echo replace_variables('a=?', array('0')) . "\n";
echo replace_variables('a=?, b=?', array('0', '1')) . "\n";
echo replace_variables('a=?, b=?, c=?', array('0', '1', '2')) . "\n";
echo "Done\n";
?>


Actual result:
--------------
=================================================================
==19382==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe0a2d9c40 (pc 0x000000647dd2 bp 0x7ffe0a2dafe0 sp 0x7ffe0a2d9c40 T0)
    #0 0x647dd1 in php_pcre_exec /home/fuzzer/PHP/php-7.1.0/ext/pcre/pcrelib/pcre_exec.c:6359
    #1 0x75da33 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1234:11
    #2 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #3 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #4 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #5 0x765006 in zif_preg_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1593:18
    #6 0x16dbe1f in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:675:2
    #7 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #8 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #9 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #10 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #11 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #12 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #13 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #14 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #15 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #16 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #17 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #18 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #19 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #20 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #21 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #22 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #23 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #24 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #25 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #26 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #27 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #28 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #29 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #30 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #31 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #32 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #33 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #34 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #35 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #36 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #37 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #38 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #39 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #40 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #41 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #42 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #43 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #44 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #45 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #46 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #47 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #48 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #49 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #50 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #51 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #52 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #53 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #54 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #55 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #56 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #57 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #58 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #59 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #60 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #61 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #62 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #63 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #64 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #65 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #66 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #67 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #68 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #69 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #70 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #71 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #72 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #73 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #74 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #75 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #76 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #77 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #78 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #79 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #80 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #81 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #82 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #83 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #84 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #85 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #86 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #87 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #88 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #89 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #90 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #91 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #92 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #93 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #94 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #95 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #96 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #97 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #98 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #99 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #100 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #101 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #102 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #103 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #104 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #105 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #106 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #107 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #108 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #109 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #110 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #111 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #112 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #113 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #114 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #115 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #116 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #117 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #118 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #119 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #120 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #121 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #122 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #123 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #124 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #125 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #126 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #127 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #128 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #129 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #130 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #131 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #132 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #133 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #134 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #135 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #136 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #137 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #138 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #139 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #140 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #141 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #142 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #143 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #144 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #145 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #146 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #147 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #148 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #149 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #150 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #151 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #152 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #153 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #154 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #155 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #156 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #157 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #158 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #159 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #160 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #161 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #162 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #163 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #164 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #165 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #166 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #167 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #168 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #169 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #170 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #171 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #172 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #173 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #174 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #175 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #176 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #177 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #178 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #179 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #180 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #181 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #182 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #183 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #184 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #185 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #186 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #187 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #188 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #189 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #190 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #191 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #192 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #193 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #194 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #195 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #196 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #197 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #198 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #199 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #200 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #201 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #202 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #203 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #204 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #205 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #206 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #207 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #208 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #209 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #210 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #211 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #212 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #213 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #214 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #215 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #216 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #217 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #218 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #219 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #220 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #221 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #222 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #223 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #224 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #225 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #226 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #227 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #228 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #229 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #230 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #231 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #232 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #233 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #234 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #235 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #236 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #237 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #238 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #239 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9
    #240 0x7607b0 in preg_do_repl_func /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1103:6
    #241 0x75eb35 in php_pcre_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1325:19
    #242 0x75cf75 in php_pcre_replace /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1136:11
    #243 0x76f27e in php_replace_in_subject /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1495:12
    #244 0x76e320 in preg_replace_impl /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1554:17
    #245 0x7661ed in zif_preg_replace_callback /home/fuzzer/PHP/php-7.1.0/ext/pcre/php_pcre.c:1628:18
    #246 0x16db726 in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:628:2
    #247 0x157e1b3 in execute_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_vm_execute.h:432:7
    #248 0x13e8906 in zend_call_function /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:828:3
    #249 0x13e604a in _call_user_function_ex /home/fuzzer/PHP/php-7.1.0/Zend/zend_execute_API.c:672:9

SUMMARY: AddressSanitizer: stack-overflow /home/fuzzer/PHP/php-7.1.0/ext/pcre/pcrelib/pcre_exec.c:6359 in php_pcre_exec
==19382==ABORTING

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-12-12 16:10 UTC] requinix@php.net

-Status: Open +Status: Not a bug

[2016-12-12 16:10 UTC] requinix@php.net

More infinite recursion: replace_variables -> preg_replace_callback -> $c -> replace_variables.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 17:01:58 2024 UTC