|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27492 /<tag1>(\n|.)*<\/tag1>/ - this expression crash PHP, while processing long text
Submitted: 2004-03-04 07:50 UTC Modified: 2004-03-13 04:53 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: jakerator at mail dot ru Assigned:
Status: Not a bug Package: *Regular Expressions
PHP Version: 4.3.4, HEAD OS: win32/linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: jakerator at mail dot ru
New email:
PHP Version: OS:


 [2004-03-04 07:50 UTC] jakerator at mail dot ru
Crassh PHP while processing perl-regular expressions with (\n|.)* or (\s|.)* . PHP crashs only if processing text is too long.

Reproduce code:
$txt="<tag1> sadf  <....more than 2000 symbols ....> sdf asdf adsf<tag2>";

Expected result:
PHP and Apache wait for a long time or crash immediatly.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-04 08:05 UTC]
confirmed with HEAD.
see backtrace below.
#18038 0x4026aaf7 in match (
    eptr=0x4144c88b "esttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest---Type <return> to continue, or q <return> to quit---
    ecode=0x8193cce "=", offset_top=4, md=0xbfffbf30, ims=0, eptrb=0xbfffb688, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:5676
#18039 0x4026a229 in match (
    eptr=0x4144c88b "esttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttestt"...,
    ecode=0x8193cd2 "?", offset_top=4, md=0xbfffbf30, ims=0, eptrb=0xbfffba28, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:6207
#18040 0x4026aaf7 in match (
    eptr=0x4144c88a "testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest"...,
    ecode=0x8193cce "=", offset_top=2, md=0xbfffbf30, ims=0, eptrb=0xbfffba28, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:5676
#18041 0x4026a9d8 in match (
    eptr=0x4144c88a "testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest"...,
    ecode=0x8193cc7 "IM", offset_top=2, md=0xbfffbf30, ims=0, eptrb=0xbfffbbf8, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:6081
#18042 0x402658c7 in match (
    eptr=0x4144c884 "<tag1>testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttestte"...,
    ecode=0x8193cbc "L", offset_top=2, md=0xbfffbf30, ims=0, eptrb=0xbfffbdc8, flags=2)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:5706
#18043 0x4026afe8 in php_pcre_exec (external_re=0x8193ca0, extra_data=0xbfffbf30,
    subject=0x4144c884 "<tag1>testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttestte"..., length=40012,
    start_offset=0, options=1095026820, offsets=0x4143b22c, offsetcount=6)
    at /root/CVS/php-src/ext/pcre/pcrelib/pcre.c:8240

#18044 0x4026be79 in php_pcre_match (ht=1095026820, return_value=0x4145fc0c, this_ptr=0x0, return_value_used=1, global=0)
    at /root/CVS/php-src/ext/pcre/php_pcre.c:475

#18045 0x4026c75e in zif_preg_match (ht=-1073758416, return_value=0xbfffbf30, this_ptr=0xbfffbf30,
    return_value_used=-1073758416) at /root/CVS/php-src/ext/pcre/php_pcre.c:611

#18046 0x4034ac74 in zend_do_fcall_common_helper (execute_data=0xbfffcfe0, opline=0x414481cc, op_array=0x41426ce4)
    at /root/CVS/php-src/Zend/zend_execute.c:2642
#18047 0x4034aded in zend_do_fcall_handler (execute_data=0xbfffcfe0, opline=0x414481cc, op_array=0xbfffbf30)
    at /root/CVS/php-src/Zend/zend_execute.c:2771
#18048 0x403471da in execute (op_array=0x41426ce4) at /root/CVS/php-src/Zend/zend_execute.c:1339
#18049 0x40329a23 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /root/CVS/php-src/Zend/zend.c:1053

#18050 0x402f2231 in php_execute_script (primary_file=0xbffff340) at /root/CVS/php-src/main/main.c:1647

#18051 0x403512ee in apache_php_module_main (r=0x817fe9c, display_source_mode=0)
    at /root/CVS/php-src/sapi/apache/sapi_apache.c:54

#18052 0x40351e4b in send_php (r=0x817fe9c, display_source_mode=0, filename=0x0)
    at /root/CVS/php-src/sapi/apache/mod_php5.c:621
#18053 0x40352015 in send_parsed_php (r=0x817fe9c) at /root/CVS/php-src/sapi/apache/mod_php5.c:636
#18054 0x0806b1d6 in ap_invoke_handler ()
#18055 0x080811fe in process_request_internal ()
#18056 0x08081668 in ap_internal_redirect ()
#18057 0x0806000a in handle_dir ()
---Type <return> to continue, or q <return> to quit---
#18058 0x0806b1d6 in ap_invoke_handler ()
#18059 0x080811fe in process_request_internal ()
#18060 0x0808125b in ap_process_request ()
#18061 0x08077c14 in child_main ()
#18062 0x08077dc6 in make_child ()
#18063 0x08077f45 in startup_children ()
#18064 0x0807862f in standalone_main ()
#18065 0x08078ec9 in main ()
#18066 0x400d2af7 in __libc_start_main () from /lib/i686/

This only happens, when the text is bigger than approx. 40Kbytes.
 [2004-03-05 05:03 UTC] jakerator at mail dot ru
But how I can process large texts, wich much more than 40kb?
 [2004-03-11 09:26 UTC]
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

..and there are known and documented limitations with pcre functions..
 [2004-03-11 10:00 UTC]
It still crashes with php5-200403110630 and HEAD.
Backtrace is the same.
 [2004-03-13 04:53 UTC]
The limitations of pcre lib haven't suddenly vanished..

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jun 23 05:01:28 2024 UTC