Bug #24563 preg_match crashes PHP
Submitted: 2003-07-09 10:03 UTC
Modified: 2003-07-10 11:10 UTC
From: hager at transgene dot fr
Assigned:
Status: Closed
Package: Apache2 related
PHP Version: 5.0.0b2-dev, 4.3.3RC2-dev
OS: Red Hat Linux 8.0
Private report: No
CVE-ID: None
 [2003-07-09 10:03 UTC] hager at transgene dot fr
Description:
------------
Hello,
I use the PEAR DB package to access Sybase; everything works fine with PHP 4 but with PHP 5 it crashes. The backtrace helped me to find out that it was the "preg_match" function's fault, so I could reproduce the following minimal code. I tried it with today's (09/07/2003) CVS with the same result.

The configure line is:
./configure \
  --with-apxs2=/usr/local/apache2/bin/apxs \
  --enable-ftp \
  --with-ldap \
  --with-kerberos \
  --with-regex=php \
  --with-gnu-ld \
  --with-gettext \
  --with-zlib \
  --with-sybase-ct=/opt/sybase/OCS-12_5 \
  --with-debug

Thank you for your help.

Reproduce code:
---------------
<?php
preg_match('/php/i','PHP is the web scripting language of choice.');
?>

Actual result:
--------------
(gdb) run -X
Starting program: /usr/local/apache2/bin/httpd -X
[New Thread 8192 (LWP 7920)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 8192 (LWP 7920)]
0x40225563 in php_pcre_match (ht=2, return_value=0x406f4aec, this_ptr=0x0, return_value_used=0, global=0)
    at /root/php5-200307091330/ext/pcre/php_pcre.c:441
441                                     name_idx = 0xff * name_table[0] + name_table[1];
(gdb) bt
#0  0x40225563 in php_pcre_match (ht=2, return_value=0x406f4aec, this_ptr=0x0, return_value_used=0, global=0)
    at /root/php5-200307091330/ext/pcre/php_pcre.c:441
#1  0x40225d45 in zif_preg_match (ht=2, return_value=0x406f4aec, this_ptr=0x0, return_value_used=0)
    at /root/php5-200307091330/ext/pcre/php_pcre.c:599
#2  0x4030858d in zend_do_fcall_common_helper (execute_data=0xbfffd320, op_array=0x406f49ec)
    at /root/php5-200307091330/Zend/zend_execute.c:2625
#3  0x403086c0 in zend_do_fcall_handler (execute_data=0xbfffd320, op_array=0x406f49ec)
    at /root/php5-200307091330/Zend/zend_execute.c:2756
#4  0x4030479c in execute (op_array=0x406f49ec) at /root/php5-200307091330/Zend/zend_execute.c:1194
#5  0x402f0635 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/php5-200307091330/Zend/zend.c:1017
#6  0x402c450f in php_execute_script (primary_file=0xbffff5d0) at /root/php5-200307091330/main/main.c:1695
#7  0x4030e24c in php_handler (r=0x81c90d0) at /root/php5-200307091330/sapi/apache2handler/sapi_apache2.c:520
#8  0x0807b66a in ap_run_handler (r=0x81c90d0) at config.c:195
#9  0x0807bb82 in ap_invoke_handler (r=0x81c90d0) at config.c:401
#10 0x0806ba97 in ap_process_request (r=0x81c90d0) at http_request.c:288
#11 0x08067cd5 in ap_process_http_connection (c=0x81c4c98) at http_core.c:293
#12 0x08084462 in ap_run_process_connection (c=0x81c4c98) at connection.c:85
#13 0x0807a220 in child_main (child_num_arg=1) at prefork.c:696
#14 0x0807a3ca in make_child (s=0x80b6178, slot=0) at prefork.c:736
#15 0x0807a423 in startup_children (number_to_start=5) at prefork.c:808
#16 0x0807ab15 in ap_mpm_run (_pconf=0x8079afc, plog=0x80ebb50, s=0x80b6178) at prefork.c:1024
#17 0x0807f82e in main (argc=2, argv=0xbffff894) at main.c:660
#18 0x420158d4 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) frame 4
#4  0x4030479c in execute (op_array=0x406f49ec) at /root/php5-200307091330/Zend/zend_execute.c:1194
1194                    if (EX(opline)->handler(&execute_data, op_array TSRMLS_CC)) {
(gdb) print (char *)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x40314432 "preg_match"

 [2003-07-09 10:44 UTC] sniper@php.net
Can't reproduce with CLI or Apache 1.3.27.
Some weird Apache2 related issue.

 [2003-07-09 14:00 UTC] sniper@php.net
Happens also with PHP 4.3.3RC2-dev.
 [2003-07-10 04:13 UTC] alan at akbkhome dot com
This is caused by Andrei's last patch to php_pcre.c/.h - if you go back to the previous revision, it works fine.
 [2003-07-10 04:41 UTC] hager at transgene dot fr
Alright, I took the files php_pcre.c and php_pcre.h from php-4.3.0 and it works fine now. Thanks for your help!
 [2003-07-10 11:10 UTC] sniper@php.net
This is now fixed in CVS. The patch is simple:

Index: php_compat.h
===================================================================
RCS file: /repository/php-src/main/php_compat.h,v
retrieving revision 1.15
diff -u -r1.15 php_compat.h
--- php_compat.h        4 Jul 2003 18:19:02 -0000       1.15
+++ php_compat.h        10 Jul 2003 16:08:11 -0000
@@ -39,6 +39,7 @@
 #define pcre_maketables                        php_pcre_maketables
 #define pcre_study                             php_pcre_study
 #define pcre_version                   php_pcre_version
+#define pcre_fullinfo                  php_pcre_fullinfo
 #endif
 
 #define lookup                         php_lookup
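
Review bot: the rename list around the added `pcre_fullinfo` line is maintained by hand and nothing in this block guards against the next omission: any pcre_* function that is called elsewhere but has no entry here keeps its unprefixed name. Suggest checking the remaining pcre_* entry points against this list in the same change (only pcre_maketables, pcre_study and pcre_version are visible in the context lines), and adding a comment above the defines stating that every newly used pcre_* function needs a matching `#define pcre_xxx php_pcre_xxx` entry. A reference to bug #24563 next to the new line or in the commit message would also help, since the hunk alone gives no hint of why the define is required.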

 