Bug #27492 /<tag1>(\n|.)*<\/tag1>/ - this expression crash PHP, while processing long text
Submitted: 2004-03-04 07:50 UTC Modified: 2004-03-13 04:53 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jakerator at mail dot ru Assigned:
Status: Not a bug Package: *Regular Expressions
PHP Version: 4.3.4, HEAD OS: win32/linux
Private report: No CVE-ID: None
 [2004-03-04 07:50 UTC] jakerator at mail dot ru
Description:
------------
Crashes PHP while processing Perl regular expressions with (\n|.)* or (\s|.)* . PHP crashes only if the processed text is too long.

Reproduce code:
---------------
$txt="<tag1> sadf  <....more than 2000 symbols ....> sdf asdf adsf<tag2>";
$res=preg_match("/<tag1>(\n|.)*<\/tag2>/",$txt,$matches);

Expected result:
----------------
PHP and Apache wait for a long time or crash immediately.


 [2004-03-04 08:05 UTC] tony2001@php.net
confirmed with HEAD.
see backtrace below.
-----------
#18038 0x4026aaf7 in match (
    eptr=0x4144c88b "esttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttestt"...,
    ecode=0x8193cce "=", offset_top=4, md=0xbfffbf30, ims=0, eptrb=0xbfffb688, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:5676
#18039 0x4026a229 in match (
    eptr=0x4144c88b "esttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttestt"...,
    ecode=0x8193cd2 "?", offset_top=4, md=0xbfffbf30, ims=0, eptrb=0xbfffba28, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:6207
#18040 0x4026aaf7 in match (
    eptr=0x4144c88a "testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest"...,
    ecode=0x8193cce "=", offset_top=2, md=0xbfffbf30, ims=0, eptrb=0xbfffba28, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:5676
#18041 0x4026a9d8 in match (
    eptr=0x4144c88a "testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest"...,
    ecode=0x8193cc7 "IM", offset_top=2, md=0xbfffbf30, ims=0, eptrb=0xbfffbbf8, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:6081
#18042 0x402658c7 in match (
    eptr=0x4144c884 "<tag1>testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttestte"...,
    ecode=0x8193cbc "L", offset_top=2, md=0xbfffbf30, ims=0, eptrb=0xbfffbdc8, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:5706
#18043 0x4026afe8 in php_pcre_exec (external_re=0x8193ca0, extra_data=0xbfffbf30,
    subject=0x4144c884 "<tag1>testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttestte"..., length=40012,
    start_offset=0, options=1095026820, offsets=0x4143b22c, offsetcount=6)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:8240

#18044 0x4026be79 in php_pcre_match (ht=1095026820, return_value=0x4145fc0c, this_ptr=0x0, return_value_used=1, global=0)
    at /root/CVS/php-src/ext/pcre/php_pcre.c:475

#18045 0x4026c75e in zif_preg_match (ht=-1073758416, return_value=0xbfffbf30, this_ptr=0xbfffbf30,
    return_value_used=-1073758416) at /root/CVS/php-src/ext/pcre/php_pcre.c:611

#18046 0x4034ac74 in zend_do_fcall_common_helper (execute_data=0xbfffcfe0, opline=0x414481cc, op_array=0x41426ce4)
    at /root/CVS/php-src/Zend/zend_execute.c:2642
#18047 0x4034aded in zend_do_fcall_handler (execute_data=0xbfffcfe0, opline=0x414481cc, op_array=0xbfffbf30)
    at /root/CVS/php-src/Zend/zend_execute.c:2771
#18048 0x403471da in execute (op_array=0x41426ce4) at /root/CVS/php-src/Zend/zend_execute.c:1339
#18049 0x40329a23 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/CVS/php-src/Zend/zend.c:1053

#18050 0x402f2231 in php_execute_script (primary_file=0xbffff340) at /root/CVS/php-src/main/main.c:1647

#18051 0x403512ee in apache_php_module_main (r=0x817fe9c, display_source_mode=0)
    at /root/CVS/php-src/sapi/apache/sapi_apache.c:54

#18052 0x40351e4b in send_php (r=0x817fe9c, display_source_mode=0, filename=0x0)
    at /root/CVS/php-src/sapi/apache/mod_php5.c:621
#18053 0x40352015 in send_parsed_php (r=0x817fe9c) at /root/CVS/php-src/sapi/apache/mod_php5.c:636
#18054 0x0806b1d6 in ap_invoke_handler ()
#18055 0x080811fe in process_request_internal ()
#18056 0x08081668 in ap_internal_redirect ()
#18057 0x0806000a in handle_dir ()
#18058 0x0806b1d6 in ap_invoke_handler ()
#18059 0x080811fe in process_request_internal ()
#18060 0x0808125b in ap_process_request ()
#18061 0x08077c14 in child_main ()
#18062 0x08077dc6 in make_child ()
#18063 0x08077f45 in startup_children ()
#18064 0x0807862f in standalone_main ()
#18065 0x08078ec9 in main ()
#18066 0x400d2af7 in __libc_start_main () from /lib/i686/libc.so.6
-----------

This only happens when the text is bigger than approx. 40 Kbytes.
 [2004-03-05 05:03 UTC] jakerator at mail dot ru
But how can I process large texts, which are much more than 40kb?
 [2004-03-11 09:26 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

..and there are known and documented limitations with pcre functions..
 [2004-03-11 10:00 UTC] tony2001@php.net
It still crashes with php5-200403110630 and HEAD.
Backtrace is the same.
 [2004-03-13 04:53 UTC] sniper@php.net
The limitations of pcre lib haven't suddenly vanished..
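
An added example (not from the bug report or the PHP project) of two ways to do the extraction the reporter asks about without the repeated `(\n|.)` group that drives the nested `match()` frames in the backtrace. The function names and the sample text are constructed; it uses the `</tag1>` closing tag from the report title and assumes PHP 7.1 or later for the type declarations.

```php
<?php
// Added example, not from the bug report. The names extract_between and
// extract_between_regex and the sample text below are constructed.

// Option 1: no regex at all. strpos() is a linear scan and cannot recurse,
// so input size only affects run time, not stack depth.
function extract_between(string $text, string $open, string $close): ?string
{
    $start = strpos($text, $open);
    if ($start === false) {
        return null;
    }
    $start += strlen($open);
    $end = strpos($text, $close, $start);
    return $end === false ? null : substr($text, $start, $end - $start);
}

// Option 2: keep the regex but drop the (\n|.)* group. With the /s modifier
// "." also matches newlines, so no capturing alternation is repeated once
// per character. A false return means the engine gave up (for example a
// backtrack or recursion limit was hit); it does not mean "no match".
function extract_between_regex(string $text): ?string
{
    $res = preg_match('/<tag1>(.*?)<\/tag1>/s', $text, $m);
    if ($res === false) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $res === 1 ? $m[1] : null;
}

// Constructed input of roughly the size mentioned in the thread (~40 KB).
$txt = '<tag1>' . str_repeat("test\n", 8000) . '</tag1>';

var_dump(strlen(extract_between($txt, '<tag1>', '</tag1>')));
var_dump(strlen(extract_between_regex($txt)));
```

On PHP 5.2 and later the `pcre.recursion_limit` and `pcre.backtrack_limit` ini settings bound the engine's work, so an oversized or hostile input makes `preg_match()` return `false` rather than exhausting the process stack.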
