php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38512 PCRE 6.6 crashing PHP with specific calls to preg_match()
Submitted: 2006-08-19 13:51 UTC Modified: 2006-08-22 08:14 UTC
Votes:15
Avg. Score:4.7 ± 1.0
Reproduced:7 of 12 (58.3%)
Same Version:7 (100.0%)
Same OS:1 (14.3%)
From: peter dot mescalchin at gmail dot com Assigned:
Status: Closed Package: PCRE related
PHP Version: 5.1.5 OS: Windows XP
Private report: No CVE-ID: None
 [2006-08-19 13:51 UTC] peter dot mescalchin at gmail dot com
Description:
------------
Passing large strings to PCRE functions in PHP versions 5.1.3 or greater and Apache 2.0.59 with the regexp "/(\r|\n|.)*/" crashes PHP/Apache request.

Referring to the source code, a string length greater than 376 character crashes the request.

Rolling back to PHP 5.1.2, using PCRE 6.2 works correctly without crashing for string lengths greater than 376 characters.

The bug is very similar to the following PHP bug report:

http://bugs.php.net/bug.php?id=24460

Reproduce code:
---------------
<?PHP

$test = str_repeat('a',377);

// preg_match() will crash the request
preg_match('/(\r|\n|.)*/',$test);

?>

Expected result:
----------------
The script to end gracefully.

Actual result:
--------------
Crashing of the PHP request.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-21 08:29 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-08-22 08:11 UTC] peter dot mescalchin at gmail dot com
The 5.2 build fixes the issue. This bug can be closed I guess.

Thanks.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 03:01:24 2019 UTC