php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #18528 Php crashes upon using eregi_replace
Submitted: 2002-07-24 03:44 UTC Modified: 2002-07-25 16:00 UTC
From: flash at daaw dot org Assigned:
Status: Closed Package: Regexps related
PHP Version: 4.2.2 OS: Redhat linux 7.1 (kernel 2.4.18)
Private report: No CVE-ID: None
 [2002-07-24 03:44 UTC] flash at daaw dot org
Below you see a snippet of a very basic news script that retrieves news items from a file that is build up like this:

<id>:<user>:<date>:<topic>:<bigtext>

below is the script that crashes on eregi_replace, as soon as I comment out the eregi_replace line and change $text1 to $text in the line above, the script works.

--snip--

$n = getdata("$news");
$var1 = 0;
foreach ($n as $a) {
 $var1++;
 if ($var1 < 10) {
  $topic = $a['4'];
  $date = $a['3'];
  $user = $a['2'];
  $text1 = $a['5'];
  $text = eregi_replace("&;&", ":", $text1);

 echo "<TABLE bgColor=\"#ffffff\" border=0 
 cellPadding=0 cellSpacing=0 width=\"100%\"><TR><TD>
 <TABLE bgColor=\"#cccccc\" border=0 cellPadding=1 
 cellSpacing=0 width=\"100%\"><TR><TD>
 <TABLE bgColor=\"#eeeeee\" border=0 cellPadding=3 
 cellSpacing=0 width=\"100%\"><TR>
 <TD align=center><FONT class=option color=\"#363636\">
 <B> $topic.</B></FONT> By $user - $date</TD></TR>
 </TABLE></TD></TR></TABLE>$text </TD></TR></TABLE>
 <br><center><a href=\"#top\">Back to top</a>

--snip--

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-24 03:44 UTC] derick@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2002-07-24 03:45 UTC] flash at daaw dot org
forgot! im using apache 1.3.26 with php compiled as DSO.
 [2002-07-24 03:48 UTC] flash at daaw dot org
the apache error log shows:

FATAL:  emalloc():  Unable to allocate -133048 bytes

one time each time you refresh the script. so it has something to do with the crashing.
 [2002-07-24 03:50 UTC] derick@php.net
Please make a backtrace as asked in an earlier reply.
The location with info on how to do this is: http://bugs.php.net/bugs-generating-backtrace.php

Derick
 [2002-07-24 04:03 UTC] flash at daaw dot org
Backtrace (I dont see errors)

[root@lhurgoyf bin]# gdb ./httpd 
GNU gdb Red Hat Linux (5.1-0.71)
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) run -X
Starting program: /usr/local/apache/bin/./httpd -X

Program exited with code 01.
(gdb) bt
No stack.
(gdb)
 [2002-07-24 04:10 UTC] msopacua at idg dot nl
Derick: I don't think it's an actual crash :-)

He just runs outof memory, not realizing that the meta-character "&" is 'the match' - but the bug is in PHP, as it is resolving the & character in the result of the operation!

So it seems a recursion eval in ereg functions.
Example:
?php
$text="bla&|&bla2";
$a = eregi_replace("&|&", ":", $text);
$b = str_replace("&|&", ":", $text);
$c = eregi_replace("\\\&|\\\&", ":", $text);
echo "$a\n$b\n$c";
?>

Output:
$ php -f ./tmp.php
bla:|:bla2
bla:bla2
bla&|&bla2
 [2002-07-24 04:16 UTC] msopacua at idg dot nl
strike that please - that's the unescaped pipe ('or') I used.
 [2002-07-24 04:26 UTC] flash at daaw dot org
I just updated to php 4.2.2 from 4.2.1 and I didnt have the problem in 4.2.1 so it has to have something to do with 4.2.2 since I used thesame configure commands.
 [2002-07-24 04:32 UTC] derick@php.net
That doesn't make much sense, as 4.2.2 is exactly the same as 4.2.1 + the security fix and a new configure script.
I suspect the problem lies in the configure script used.
If you have autoconf 2.52 isntalled (check with autoconf --version) then you can try this:

cd php-4.2.2
rm configure
./cvsclean
./buildconf
./configure --your options
make

If this doesn't solve it, you can try try to add --with-regex=system to your configure options.

Derick
 [2002-07-24 04:36 UTC] flash at daaw dot org
I used the same configure script as with version 4.2.1 and I just now went back again to 4.2.1 and the problem is gone again. here are my configure options:

./configure --with-apxs=/usr/local/apache/bin/apxs \
--with-config-file-path=/usr/local/apache/conf \
--with-mysql=/usr/local \
--with-gd \
--with-system-regex

I will retry in a minute with the options as you said.
 [2002-07-24 04:49 UTC] derick@php.net
I think you mean "I used the same configure OPTIONS" as in PHP 4.2.1. Please try to rebuild the configure script like I asked.

Derick
 [2002-07-24 04:58 UTC] flash at daaw dot org
rebuild, retried still not working.
 [2002-07-24 19:32 UTC] sniper@php.net
Please provide a complete, self-contained but short example
script which can be used to reproduce this..

 [2002-07-25 00:46 UTC] flash at daaw dot org
Its already in here in the initial bugreport.
 [2002-07-25 04:52 UTC] sniper@php.net
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.



 [2002-07-25 05:37 UTC] flash at daaw dot org
what the heck else do you need to know. I stated the code. I told PHP crashed upon executing the eregi_replace instead of running it. that includes all the topics listed in the bug help.
 [2002-07-25 05:55 UTC] sniper@php.net
We need a _self-contained_ short and complete example script. That means a script that you can just copy'n'paste
and run without having to edit it in any way..

 [2002-07-25 07:40 UTC] flash at daaw dot org
<?

$test = "this is a nice text";

$text = eregi_replace("a", "one", "$test");

echo "$text";

?>

--

I noticed also that other eregi functions dont work. like the normal eregi command. could it have something to do with libs I updated on my system ?
 [2002-07-25 07:50 UTC] sniper@php.net
Please try a clean build (from freshly extracted sources)
and DO NOT use system regex..

 [2002-07-25 07:50 UTC] sniper@php.net
Just that you know, I don't get any crash with that script..

 [2002-07-25 08:08 UTC] flash at daaw dot org
I have done this yesterday already, lemme tell you exactly what I did

first. I upgraded from php 4.2.1 to 4.2.2 using the configure script as stated above (so using the system regex) that didnt work

next I installed php 4.2.2 (from a new tarball) without the system regex and it gave exactly thesame problem.

this morning I removed apache and php completely, I extraced new tarballs from both and installed without system regex and I still get thesame problem with all eregi commands.
 [2002-07-25 08:12 UTC] sniper@php.net
Hmm..I tested with the 4.3.0-dev actually..can you try this snapshot:

http://snaps.php.net/php4-latest.tar.gz

Just try it on command line..

 [2002-07-25 08:24 UTC] flash at daaw dot org
first of all, im not a production server and am not interested in running dev versions on that.

second I present a bug in php 4.2.2 and that doesnt mean the bug is in 4.3
 [2002-07-25 08:33 UTC] sniper@php.net
Didn't I ask just trying it on the command line?
ie. ./configure and then use the NOT INSTALLED binary
to run your test script..

 [2002-07-25 10:00 UTC] flash at daaw dot org
tried installing it, it wont install some php modules.
 [2002-07-25 10:28 UTC] flash at daaw dot org
Sniper, do you want to log in to my system to check it out for yourself ???
 [2002-07-25 14:46 UTC] sniper@php.net
What is so difficult in running './configure && make' ????

 [2002-07-25 16:00 UTC] flash at daaw dot org
nothing hard about that, its just that your dev php gives errors in compiling.

doesnt matter tho after reinstalling php and apache 5x removing entire directories. rewriting of files its finally working. but I dont know what I did anymore. so ill leave it to this now. you go on fucking about with the next person that tries to help by posting a bug.

case closed !
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Sep 19 05:01:29 2019 UTC