PHP :: Bug #21615 :: PCRE segfault with (very) large string.

Bug #21615

PCRE segfault with (very) large string.

Submitted:

2003-01-13 07:51 UTC

Modified:

2003-06-04 00:26 UTC

Votes:	4
Avg. Score:	4.0 ± 1.0
Reproduced:	3 of 3 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (33.3%)

From:

olivier dot gondouin at planet-service dot fr

Assigned:

Status:

No Feedback

Package:

Reproducible crash

PHP Version:

4.3.0

OS:

GNU/linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	olivier dot gondouin at planet-service dot fr
New email:
PHP Version:		OS:

New/Additional Comment:

[2003-01-13 07:51 UTC] olivier dot gondouin at planet-service dot fr

PCRE segfault on a big regular expression on a really big string (>17490 chars)


special parameters in php.ini file:
memory_limit = 64M

test script:
http://planet-service.fr/test2.php.gz
this script test a substring of the crashing string.
a loop do the test with this substring, and increase the size of the string at each step and print out the size.

I put 17490 as starting size as that crash at 17491. The parameters at at the end of the script (after the string itself).


compilation options:

./configure  --prefix=/opt/php-4.3.0 --with-apache=../apache_1.3.27 --with-config-file-path=/opt/php-4.3.0/lib --enable-calendar --enable-track-vars --enable-ftp --with-readline --with-imap=/opt/c-client --with-openssl=/opt/openssl --with
-gdbm=/usr --with-mysql=/opt/mysql --with-pgsql=/opt/postgresql --enable-trans-sid -with-regex=php --enable-sysvsem --enable-sysvshm --enable-memory-limit --enable-debug=no --with-ttf=/opt/freetype --with-t1lib=/opt/t1lib --with-xml --enable-sockets --with-jpeg-dir=/opt/jpeg --with-tiff-dir=/opt/tiff --with-png-dir=/opt/libpng --with-zlib-dir=/opt/zlib --with-gd --enable-gd-native-ttf --enable-exif --with-pdflib=/opt/pdflib --enable-bcmath --with-ming=/opt/ming --with-bz2=/opt/bzip2 --with-zlib --with-dom=/opt/libxml2 --with-dom-xslt=/opt/libxslt
--with-dom-exslt=/opt/libxslt --enable-xslt --with-xslt-sablot=/opt/sablotron --with-expat-dir=/opt/expat --with-ldap=/opt/openldap --with-mcal=/opt/libmcal --with-curl=/opt/curl-7.10.2 --with-iconv=/opt/libiconv --enable-mbstring --with-zip=/opt/zziplib

Olivier

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-01-13 09:53 UTC] iliaa@php.net

Cannot download the test script due to what appears to be a parse error. Could you please make the file avaliable as text (.txt).

[2003-01-13 10:55 UTC] olivier dot gondouin at planet-service dot fr

I'm really sorry:

http://planet-service.fr/test2.php.gz

[2003-01-13 10:56 UTC] olivier dot gondouin at planet-service dot fr

oops:
http://planet-service.fr/test2.txt.gz

[2003-01-13 16:26 UTC] iliaa@php.net

The actual crash occurs inside the pcrelib, so it could pcre related, but since I am unable to replicate the crash using pcre command line tools it maybe PHP related after all.

[2003-01-13 17:14 UTC] olivier dot gondouin at planet-service dot fr

for information ther's the same bug on php-4.2.3 compiled more infos.

With same parameters (only gd external lib was used instead of 4.3 bundled).

But this works fine on Mandrake linux 8.2 system with its own rpmized php (php-4.1.2 I think).
Don't know if Mandrake team applied a special patch on sources???

[2003-01-13 17:21 UTC] iliaa@php.net

Could you please confirm the PHP & PCRE version that are used in the 'working' version, that would be of great help.

[2003-01-14 09:42 UTC] olivier dot gondouin at planet-service dot fr

after php.ini: 
the working php is 4.1.2 from this distribution/kernel:
Linux montreal.mandrakesoft.com 2.4.18-1mdksmp #1 SMP

configure options are (after php.ini):
 './configure' '--disable-static' '--disable-debug' '--disable-rpath' '--enable-pic' '--enable-inline-optimization' '--prefix=/usr' '--with-zlib' '--with-config-file-path=/etc' '--enable-magic-quotes' '--enable-debugger' '--enable-track-vars' '--enable-safe-mode' '--with-exec-dir=/usr/bin' '--with-regex=system' '--with-versioning' '--enable-sysvsem' '--enable-sysvshm' '--with-mod_charset' '--enable-force-cgi-redirect' '--enable-trans-sid' '--with-dbase' '--with-filepro' '--enable-yp' '--enable-ftp' '--with-gettext' '--with-ttf' '--with-freetype-dir'  [Some modules are external: look for packages php-pgsql,php-mysql,...]

PCRE is:
PCRE Library Version3.4 22-Aug-2000

[2003-03-04 04:03 UTC] moriyoshi@php.net

Similar to bug #21389

[2003-05-30 10:26 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2003-06-04 00:26 UTC] sniper@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 05:01:27 2024 UTC