php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #16851 Segfaults in pcre with locale support
Submitted: 2002-04-26 08:39 UTC Modified: 2002-09-11 10:59 UTC
From: fago at venere dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 4.2.0 OS: linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: fago at venere dot com
New email:
PHP Version: OS:

 

 [2002-04-26 08:39 UTC] fago at venere dot com
I was exeperinecing a lot of segfaults in apache error_log, but I was not able to identify a simple script that could cause this error, since it seemed to happen randomly in our programs (a script that works well only sometimes causes the segfault).
From the backtrace I found out the problem was inside pcre library:

#0  0x40215f38 in strcmp () from /lib/i686/libc.so.6
#1  0x404bf3ff in pcre_get_compiled_regex () from /usr/lib/apache/libphp4.so
#2  0x404bfbe5 in php_pcre_match () from /usr/lib/apache/libphp4.so
#3  0x404bff8d in zif_preg_match_all () from /usr/lib/apache/libphp4.so
#4  0x4046cd8d in execute () from /usr/lib/apache/libphp4.so
#5  0x4047db98 in zend_execute_scripts () from /usr/lib/apache/libphp4.so
#6  0x4048ba56 in php_execute_script () from /usr/lib/apache/libphp4.so
#7  0x4048763a in apache_php_module_main () from /usr/lib/apache/libphp4.so
#8  0x404881c3 in send_php () from /usr/lib/apache/libphp4.so
#9  0x40488223 in send_parsed_php () from /usr/lib/apache/libphp4.so
#10 0x080549fd in ap_invoke_handler ()
#11 0x0806732c in process_request_internal ()
#12 0x080673a3 in ap_process_request ()
#13 0x0805f7c7 in child_main ()
#14 0x0805fa09 in make_child ()
#15 0x0805faad in startup_children ()
#16 0x080600fd in standalone_main ()
#17 0x080609f3 in main ()
#18 0x401ac627 in __libc_start_main (main=0x8060570 <main>, argc=1, ubp_av=0xbffff714, 
    init=0x804f328 <_init>, fini=0x8074e90 <_fini>, rtld_fini=0x4000dcc4 <_dl_fini>, stack_end=0xbffff70c)
    at ../sysdeps/generic/libc-start.c:129


Looking at the source code I found out a possible bug.
I include here a patch for the modifications I have made which seems to have fixed the problem.

Regards,
Matteo Fago


--- pcre/php_pcre.c.orig        Fri Apr 26 14:03:31 2002
+++ pcre/php_pcre.c     Fri Apr 26 14:05:47 2002
@@ -64,6 +64,7 @@
        pefree(pce->re, 1);
 #if HAVE_SETLOCALE
        if ((void*)pce->tables) pefree((void*)pce->tables, 1);
+       if ((void*)pce->locale) pefree((void*)pce->locale, 1);
 #endif
 }
 
@@ -151,7 +152,7 @@
        regex_len = strlen(regex);
        if (zend_hash_find(&PCRE_G(pcre_cache), regex, regex_len+1, (void **)&pce) == SUCCESS) {
 #if HAVE_SETLOCALE
-               if (!strcmp(pce->locale, locale)) {
+               if (locale!=NULL && pce->locale!=NULL && !strcmp(pce->locale, locale)) {
 #endif
                        *extra = pce->extra;
                        *preg_options = pce->preg_options;
@@ -298,7 +299,12 @@
        new_entry.extra = *extra;
        new_entry.preg_options = poptions;
 #if HAVE_SETLOCALE
-       new_entry.locale = locale;
+       if (locale!=NULL) {
+               new_entry.locale = php_pcre_malloc(strlen(locale)+1);
+               strcpy(new_entry.locale,locale);
+       } else {
+               new_entry.locale=locale;
+       }
        new_entry.tables = tables;
 #endif
        zend_hash_update(&PCRE_G(pcre_cache), regex, regex_len+1, (void *)&new_entry,





Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-04-26 14:02 UTC] sniper@php.net
Can you also add a simple and short script which can
be used to reproduce this ?

 [2002-09-11 10:59 UTC] sniper@php.net
Thank you for taking the time to report a problem with PHP.
Unfortunately you are not using a current version of PHP -- 
the problem might already be fixed. Please download a new
PHP version from http://www.php.net/downloads.php

If you are able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".
Again, thank you for your continued support of PHP.


 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Dec 07 12:03:34 2021 UTC