PHP :: Bug #36507 :: Crash in preg

Bug #36507	Crash in preg_replace
Submitted:	2006-02-24 09:24 UTC	Modified:	2006-02-24 12:55 UTC
From:	joc at presence-pc dot com	Assigned:
Status:	Not a bug	Package:	Reproducible crash
PHP Version:	4.4.2	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2006-02-24 09:24 UTC] joc at presence-pc dot com

Description:
------------
Hi,

PHP segfaults during a call to preg_replace.

If in the code below 

preg_replace('/(\s|^)(\.)+/',' ',$source);

is replaced by

preg_replace('/(\s|^)\.+/',' ',$source);

The crash doesn't occurs anymore.

Regards,
  Jocelyn

Reproduce code:
---------------
<?$source= "

..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..............................................................................................................................................................................................................................................
..........................................................................................................................................................................


";

preg_replace('/(\s|^)(\.)+/',' ',$source);
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-02-24 09:26 UTC] tony2001@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2006-02-24 12:10 UTC] joc at presence-pc dot com

Hi,

Here is the backtrace :

#0  0x08072ff9 in match (eptr=0x8360dfd '.' <repeats 200 times>..., ecode=0x835c146 "R", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbf8004d8, flags=2)
    at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:517
517	utf8 = md->utf8;       /* Local copy of the flag */
(gdb) bt
#0  0x08072ff9 in match (eptr=0x8360dfd '.' <repeats 200 times>..., ecode=0x835c146 "R", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbf8004d8, flags=2)
    at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:517
#1  0x080741a9 in match (eptr=0x8360dfd '.' <repeats 200 times>..., ecode=0x835c14b "C", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbf8004d8, flags=2)
    at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:1123
#2  0x0807317b in match (eptr=0x8360dfc '.' <repeats 200 times>..., ecode=0x835c146 "R", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbf8004d8, flags=2)
    at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:589
#3  0x080741a9 in match (eptr=0x8360dfc '.' <repeats 200 times>..., ecode=0x835c14b "C", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbf800958, flags=2)
    at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:1123
#4  0x0807317b in match (eptr=0x8360dfb '.' <repeats 200 times>..., ecode=0x835c146 "R", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbf800958, flags=2)
    at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:589

[...]

Regards,
  Jocelyn

[2006-02-24 12:15 UTC] joc at presence-pc dot com

The bottom of the stack :
#14537 0x080741a9 in match (eptr=0x835f150 '.' <repeats 200 times>..., ecode=0x835c14b "C", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbfffc6d8, 
    flags=2) at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:1123
#14538 0x0807317b in match (eptr=0x835f14f '.' <repeats 200 times>..., ecode=0x835c146 "R", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbfffc6d8, 
    flags=2) at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:589
#14539 0x080741a9 in match (eptr=0x835f14f '.' <repeats 200 times>..., ecode=0x835c14b "C", offset_top=6, md=0xbfffd210, ims=0, eptrb=0xbfffcd98, 
    flags=2) at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:1123
#14540 0x0807317b in match (eptr=0x835f14e '.' <repeats 200 times>..., ecode=0x835c146 "R", offset_top=4, md=0xbfffd210, ims=0, eptrb=0xbfffcd98, 
    flags=2) at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:589
#14541 0x0807317b in match (eptr=0x835f14d "\n", '.' <repeats 199 times>..., ecode=0x835c13b "Q", offset_top=2, md=0xbfffd210, ims=0, eptrb=0xbfffcd98, 
    flags=2) at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:589
#14542 0x08073285 in match (eptr=0x835f14d "\n", '.' <repeats 199 times>..., ecode=0x835c138 "P", offset_top=2, md=0xbfffd210, ims=0, eptrb=0xbfffcfd8, 
    flags=2) at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:619
#14543 0x0807b052 in php_pcre_exec (argument_re=0x835c110, extra_data=0x0, subject=0x835f14c "\n\n", '.' <repeats 198 times>..., length=9700, 
    start_offset=0, options=0, offsets=0x835c1dc, offsetcount=9) at /usr/src/php-4.4.2/ext/pcre/pcrelib/pcre_exec.c:3552
#14544 0x0808003c in php_pcre_replace (regex=0x83525c4 "/(\\s|^)(\\.)+/", regex_len=13, subject=0x835f14c "\n\n", '.' <repeats 198 times>..., 
    subject_len=9700, replace_val=0x8352604, is_callable_replace=0, result_len=0xbfffd434, limit=-1) at /usr/src/php-4.4.2/ext/pcre/php_pcre.c:876
#14545 0x08080935 in php_replace_in_subject (regex=0x8352584, replace=0x8352604, subject=0x83530b4, result_len=0xbfffd434, limit=-1, 
    is_callable_replace=0 '\0') at /usr/src/php-4.4.2/ext/pcre/php_pcre.c:1087
#14546 0x0808100f in preg_replace_impl (ht=3, return_value=0x8352644, this_ptr=0x0, return_value_used=0, is_callable_replace=0 '\0')
    at /usr/src/php-4.4.2/ext/pcre/php_pcre.c:1179
#14547 0x08081060 in zif_preg_replace (ht=3, return_value=0x8352644, this_ptr=0x0, return_value_used=0) at /usr/src/php-4.4.2/ext/pcre/php_pcre.c:1190
#14548 0x08183c63 in execute (op_array=0x8357854) at /usr/src/php-4.4.2/Zend/zend_execute.c:1675
#14549 0x081715d9 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/src/php-4.4.2/Zend/zend.c:934
#14550 0x0813f12a in php_execute_script (primary_file=0xbffff9b0) at /usr/src/php-4.4.2/main/main.c:1753
#14551 0x081893fc in main (argc=2, argv=0xbffffa74) at /usr/src/php-4.4.2/sapi/cli/php_cli.c:830

(note there are more than 14500 calls to match function)

[2006-02-24 12:21 UTC] tony2001@php.net

This is PCRELib problem, please report it to PCRE developer.
You can also try to compile PHP with external PCRE lib (grab latest version at pcre.org) and see if it helps.

[2006-02-24 12:55 UTC] joc at presence-pc dot com

Hi,

Seems to work fine with PCRE 6.3 lib.

Thanks,
  Jocelyn

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Jun 17 18:01:31 2024 UTC