php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #38050 preg_match_all segfault
Submitted: 2006-07-09 19:32 UTC Modified: 2006-07-21 01:00 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: taak@php.net Assigned:
Status: No Feedback Package: Reproducible crash
PHP Version: 5.1.4 OS: debian linux
Private report: No CVE-ID: None
View Developer Edit
 [2006-07-09 19:32 UTC] taak@php.net 
Description:
------------
preg_match_all segfaults on some text samples with the following pattern:

#<a(?=[\s/>]+)(?:"[^"]*"|'[^']*'|[^'">])*?\bhref\s?=\s?"([^"]+)"(?:"[^"]*"|'[^']*\'|[^'">])*?>((?:.(?!</a>))*.?)</a>#ism

Pastebin code includes an example text sample.

Reproduced on i386 linux 5.1.4 built from source but NOT a mac ppc build with the same compile flags, or on 4.3.10.

Reproduce code:
---------------
http://pastebin.com/743927

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-09 19:40 UTC] tony2001@php.net 
Unfortunately pastebin.com is down atm.
Please provide short but complete reproduce script here.
 [2006-07-09 23:59 UTC] judas dot iscariote at gmail dot com 
your test do not segfault here(Linux 64 bit current 5_2 CVS)
 [2006-07-10 00:36 UTC] taak@php.net 
Here it is at another paste site:

http://rafb.net/paste/results/UPIlO785.txt

I have many other bunches of text that also crash for that pattern.

I'll try this one on 5.2 also
 [2006-07-10 07:51 UTC] tony2001@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip
 [2006-07-12 16:34 UTC] taak@php.net 
Tried using php5.2-200607101230, the repro script does NOT segfault using this snap. However, it still segfaults in the program context from which it was originally extracted. Will try to come up with another repro script.
 [2006-07-13 13:31 UTC] tony2001@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.

Both your links do not work.
 [2006-07-21 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 15 05:01:33 2025 UTC