php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #76276 PCRE Segmentation fault before PHP7
Submitted: 2018-04-27 14:36 UTC Modified: 2018-04-27 14:47 UTC
From: drealecs at gmail dot com Assigned:
Status: Wont fix Package: PCRE related
PHP Version: 5.6.36 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: drealecs at gmail dot com
New email:
PHP Version: OS:

 

 [2018-04-27 14:36 UTC] drealecs at gmail dot com 
Description:
------------
There seems to be a buffer overflow in all PHP version 4.* and 5.*
but not on PHP 7.*

Test script:
---------------
$string = '';
for ($i = 0; $i < 10000; $i++) {
    $string .= chr(rand(65, 122));
}
echo "Calling preg_match_all()\n";
preg_match_all('/(\D|3)*/', $string, $matches);

echo "It didn't broke php\n";


Expected result:
----------------
Calling preg_match_all()
It didn't broke php

Actual result:
--------------
Calling preg_match_all()

Segmentation fault

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-04-27 14:37 UTC] drealecs at gmail dot com 
https://3v4l.org/RJt1X
 [2018-04-27 14:41 UTC] spam2 at rhsoft dot net 
> There seems to be a buffer overflow in all 
> PHP version 4.* and 5.* but not on PHP 7.*

so why do you bother to write a new bugreport at 2018-04-27 given that the only 2 supported versions are 7.1 and 7.2?
 [2018-04-27 14:47 UTC] nikic@php.net
-Status: Open +Status: Wont fix
 [2018-04-27 14:47 UTC] nikic@php.net 
This is a classical PCRE stack overflow. PHP 7 is not affected because it uses PCRE JIT by default. The crash can still be reproduced under pcre.jit=0. On PHP 7.3 the issue has been resolved entirely as part of the upgrade to PCRE2, which moved to a non-recursive implementation of the non-JIT matcher in version 10.30.

In any case, PHP 5 is no longer supported for non-security issues and this is not a security issue.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue May 13 12:01:27 2025 UTC