php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23633 Seg. Fault on ugly preg matching
Submitted: 2003-05-14 23:22 UTC Modified: 2003-05-15 09:21 UTC
From: sprice at wisc dot edu Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 4CVS-2003-05-14 (stable) OS: Mac OS 10.2.6
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sprice at wisc dot edu
New email:
PHP Version: OS:

 

 [2003-05-14 23:22 UTC] sprice at wisc dot edu
This code:
<?php
$glossary = file_get_contents( '/Users/sprice/Desktop/
glossary.htm' );
$matches = array();

preg_match_all( '/<td width="140"><b><font face="Arial, 
Helvetica, sans-serif" size="2">(\S|\s)+<\/font><\/
b><\/td>\s+<td width="525">/', $glossary, $matches );
?>
(glossary.htm can be found here:
http://botit.botany.wisc.edu/courses/structure_cd/
glossary.htm )

causes a segmentation fault (at least when run from the 
CLI). I suspect it is because it matches approx. 25764 
(227^2/2) things in the given html document. This also 
occurs when you replace preg_match_all() with 
preg_match().

This is output from GDB (Someone might want to 
duplicate results because I don't know what I am doing 
w/ GDB):
Program received signal EXC_BAD_ACCESS, Could not 
access memory.
match (eptr=0x49907f "ze=\"2\">multiple \r\n", ' ' 
<repeats 18 times>, "nuclei bounded by a single cell 
wall</font></td>\r\n", ' ' <repeats 14 times>, "</
tr>\r\n", ' ' <repeats 14 times>, "<tr> \r\n", ' ' 
<repeats 16 times>, "<td width=\"140\"><b><font 
face=\"Arial, Helvetica, sans-se"..., ecode=0x46f62f 
"=", offset_top=4, md=0xbfffd790, ims=0, 
eptrb=0xbff80290, flags=2) at /usr/local/php/php4-
STABLE-200305150330/ext/pcre/pcrelib/pcre.c:4136
4136    {


I can see why PHP would crash, but any crash is a bad 
crash, no?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-05-15 09:21 UTC] sniper@php.net
See bug #13618 and bug #20698 

 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Nov 29 04:03:13 2021 UTC