|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #25754 preg_replace() and preg_replace_callback() crash with long matches
Submitted: 2003-10-04 19:56 UTC Modified: 2004-02-22 15:19 UTC
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: ilya at lebedev dot net Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4CVS-2003-10-04 (stable) OS: Win32
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ilya at lebedev dot net
New email:
PHP Version: OS:


 [2003-10-04 19:56 UTC] ilya at lebedev dot net
Regular expression from the J.Friedl's "Mastering regular expressions" book that matches pair html tags:

When between <tag> and </tag> are more then 2100 bytes (symbols), Apache crashes.

Same happens without "s" modifier, if string has no "newline" codes.

Reproduce code:
preg_replace("#<tag([^>]*)>(((?!</?tag(?:[^>]*)>).)*)</tag>#si","","<tag> 2200 symbols</tag>");
function callback (&$m) { return "";};
preg_replace_callback ("#<tag([^>]*)>(((?!</?tag(?:[^>]*)>).)*)</tag>#si","callback","<tag> 2200 symbols </tag>");

Expected result:
Match blocks bigger then 2100 symbols long.

Actual result:
With more then 2100 sybmols between tags Apache crashes.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-04 22:04 UTC]

"The maximum length of a subject string is the largest  
positive number that an integer variable can hold. However, 
PCRE uses recursion to handle subpatterns and indefinite  
repetition. This  means  that the available stack space may 
limit the size of a subject string that can be processed  by  
certain patterns."

This propably should be mentioned in our manual pages too.

(On Linux, the example script worked fine with 9344 chars between the tags, but 9345 crashed)

 [2003-10-28 18:16 UTC] coldrain at workingonit dot org
It seems the bug I reported ( is a duplicate of this one. In this (now bogus) bug report there is more info on a similar, yet different case.
It should be noted that the maximum amount of data between pairs of tags in this PCRE case is not a constant as it differs between platforms, even with the same installed PHP versions. On a Debian box, I was able to process about 11650 bytes between to matching div tags.
 [2004-02-22 15:19 UTC]
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

 [2011-09-29 13:00 UTC] ferenczy at volny dot cz
It's an Apache stack overflow issue. You probably need to increase Apache thread stack size, which is set on Windows to 1 MB only by default (8 MB on Linux).

See this for more info: (last post from me, [2011-09-29 12:35 UTC])
 [2020-02-07 06:12 UTC]
Automatic comment on behalf of nlopess
Log: fix #25754 note about PCRE limitations
 [2020-02-07 07:30 UTC]
Automatic comment on behalf of nlopess
Log: fix #25754 note about PCRE limitations
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Mar 04 19:01:32 2024 UTC