PHP :: Bug #13170 :: Crash Bug. ereg() with null regex

Bug #13170	Crash Bug. ereg() with null regex
Submitted:	2001-09-06 04:33 UTC	Modified:	2001-12-14 12:54 UTC
From:	yasuo_ohgaki at yahoo dot com	Assigned:
Status:	Closed	Package:	Reproducible crash
PHP Version:	4.0CVS-2001-09-06	OS:	RedHat 7.1
Private report:	No	CVE-ID:	None

View Developer Edit

[2001-09-06 04:33 UTC] yasuo_ohgaki at yahoo dot com

I found this bug while trying to find other memory problem. PHP4.0.7RC1 has different problem with null regex. Problem under PHP4.0.7RC1 cannot reproduce easily, but I think null regex isn't handle well in PHP4.0.7RC1 also.

Program received signal SIGSEGV, Segmentation fault.
0x5f656475 in ?? ()
(gdb) bt
#0  0x5f656475 in ?? ()
#1  0x406304ea in zm_activate_basic (type=1, module_number=5) at basic_functions.c:1040
#2  0x405a4a15 in module_registry_request_startup (module=0x8108e68) at zend_API.c:1145
#3  0x405a7776 in zend_hash_apply (ht=0x4073f240, apply_func=0x405a49e0 <module_registry_request_startup>) at zend_hash.c:669
#4  0x405a0d19 in zend_activate_modules () at zend.c:572
#5  0x405b2143 in php_request_startup () at main.c:685
#6  0x405ae6ef in apache_php_module_main (r=0x817e168, display_source_mode=0) at sapi_apache.c:67
#7  0x405af5e8 in send_php (r=0x817e168, display_source_mode=0, filename=0x817fe58 "/home/yohgaki/public_html/bugs/memory_4.0.7RC1/case3/test.php") at mod_php4.c:575
#8  0x405af662 in send_parsed_php (r=0x817e168) at mod_php4.c:590
#9  0x08055927 in ap_invoke_handler () at eval.c:41
#10 0x08069bdb in process_request_internal () at eval.c:41
#11 0x08069c3c in ap_process_request () at eval.c:41
#12 0x08061011 in child_main () at eval.c:41
#13 0x080611e0 in make_child () at eval.c:41
#14 0x08061354 in startup_children () at eval.c:41
#15 0x080619a3 in standalone_main () at eval.c:41
#16 0x080621db in main () at eval.c:41
#17 0x400a3177 in __libc_start_main (main=0x8061e28 <main>, argc=2, ubp_av=0xbffff9dc, init=0x804fa20 <_init>, fini=0x8099f6c <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff9d4) at ../sysdeps/generic/libc-start.c:129


Script is not shortest, but I thinks it's short enough
<?php
function foo()
{
	$tmp = null;
	$str = 'abc';
	$regex = '';
	echo "foo() called<br>\n";
	if (!eregi($regex,$str,$regs)) {
		return $tmp;
	}
}

function bar() 
{
	// just call foo()
	foo();
}

bar();
?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-09-06 04:42 UTC] sterling@php.net

it works fine for me with the latest CVS, are you *sure* you tested it with the CVS version (as of today :)  If so, reopen, I just tried your example (same system type), and didn't get a segfault, just an appropriate error.

[2001-09-06 06:01 UTC] yasuo_ohgaki at yahoo dot com

I think the source is last night or the day bofore. PHP doesn't segfault with current CVS. 

I'll update CVS & build before reporting a bug next time. Sorry for bothering you.

[2001-12-14 12:54 UTC] yohgaki@php.net

Just notice this was fixed one

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed May 07 18:01:34 2025 UTC