Bug #40909 Segmentation Fault with preg_match_all
Submitted: 2007-03-24 17:46 UTC
Modified: 2007-03-26 11:47 UTC
Votes: 3
Avg. Score: 4.0 ± 1.4
Reproduced: 3 of 3 (100.0%)
Same Version: 1 (33.3%)
Same OS: 2 (66.7%)
From: adrynet at tiscali dot it
Assigned:
Status: Not a bug
Package: *Regular Expressions
PHP Version: 4.4.6
OS: Linux Fedora / Redhat / CentOS
Private report: No
CVE-ID:
 [2007-03-24 17:46 UTC] adrynet at tiscali dot it
Description:
------------
Good morning,
executing the preg_match_all() function with this regular expression causes a PHP segmentation fault.

The following code works correctly both with previous versions of PHP and with PHP 5.2.1.

Thank you for your support
Adriano C.

Reproduce code:
---------------
<?php

$pattern = "/\s([\w_\.\/]+)(?:=([\'\"]?(?:[\w\d\s\?=\(\)\.,'_#\/\\:;&-]|(?:\\\\\"|\\\')?)+[\'\"]?))?/";
$context = "<simpletag an_attribute=\"simpleValueInside\">";

$match = array();

if ($result = preg_match_all($pattern, $context, $match))
{
    var_dump($result);
}

?>

Expected result:
----------------
int(1)

Actual result:
--------------
Segmentation Fault

 [2007-03-25 22:36 UTC] judas dot iscariote at gmail dot com
Reproducible with CVS 5_2 too.

 gdb --args ./sapi/cli/php ~/preg.php

(gdb) run
Starting program: /home/cristian/php5/sapi/cli/php /home/cristian/preg.php
Program received signal SIGSEGV, Segmentation fault.
0x0000000000453d2d in match (eptr=Cannot access memory at address 0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
372     {
(gdb) bt full
#0  0x0000000000453d2d in match (eptr=Cannot access memory at address 0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
        rrc = Cannot access memory at address 0x7fff5c974c48
(gdb)
 [2007-03-26 10:07 UTC] tony2001@php.net
Yet another PCRE stack overflow.
We got new INI options in PHP5 in order to "limit" the appetite of PCRE, though they do not really fix the problem in the PCRE library, which is known to overflow the stack on certain expressions, and there are no plans to add these options to PHP4.
 [2007-03-26 10:48 UTC] adrynet at tiscali dot it
Hi Tony,
It's strange, because with PHP 4.4.6 we get a Segmentation Fault using preg_match_all() with the same regex pattern on the same source text that works perfectly both in previous versions of PHP 4.4.x and in 5.x.

So why should PCRE have "more appetite" in this release on the same usage?

Have a nice day
Adriano C.
 [2007-03-26 10:59 UTC] tony2001@php.net
> So why should PCRE have "more appetite" in this release on the same usage?

You're asking the wrong person, I can't answer your question since I'm not the author of PCRE.
 [2007-03-26 11:06 UTC] adrynet at tiscali dot it
> You're asking the wrong person, I can't answer your question since I'm not the author of PCRE.

Thanks for the reply, Tony. Do you know if 4.4.6 uses a new release of PCRE, and that is why we have this behaviour?

Have a nice day
Adriano C.
 [2007-03-26 11:18 UTC] tony2001@php.net
Yes, PHP 4.4.6 (as well as PHP 5.2.2) has PCRE 7.0 bundled.
 [2007-03-26 11:47 UTC] adrynet at tiscali dot it
> Yes, PHP 4.4.6 (as well as PHP 5.2.2) has PCRE 7.0 bundled.

So if PCRE 7.0 is the root cause, do we have to expect a Segmentation Fault even in the next PHP 5.x update :| ?

thanks
Adriano C.
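
Added example, not part of the original report or of PHP's own code: a sketch of using the PHP 5.2+ INI settings pcre.recursion_limit and pcre.backtrack_limit (assumed here to be the "new INI options" mentioned in the thread) so that the reported pattern fails with an error code instead of overflowing the stack. The helper names and the limit values are hypothetical.

```php
<?php
// Added example, not code from the bug report. bounded_match_all() and
// pcre_error_name() are hypothetical helpers; the limit values are illustrative.

function pcre_error_name($code)
{
    $names = array(
        PREG_NO_ERROR              => 'PREG_NO_ERROR',
        PREG_INTERNAL_ERROR        => 'PREG_INTERNAL_ERROR',
        PREG_BACKTRACK_LIMIT_ERROR => 'PREG_BACKTRACK_LIMIT_ERROR',
        PREG_RECURSION_LIMIT_ERROR => 'PREG_RECURSION_LIMIT_ERROR',
        PREG_BAD_UTF8_ERROR        => 'PREG_BAD_UTF8_ERROR',
    );
    return isset($names[$code]) ? $names[$code] : "PCRE error $code";
}

function bounded_match_all($pattern, $subject, $recursionLimit = 10000, $backtrackLimit = 100000)
{
    // Cap PCRE before matching so that a pathological pattern/subject pair
    // makes the call fail instead of recursing until the stack is exhausted.
    $saved = array(
        'pcre.recursion_limit' => ini_set('pcre.recursion_limit', (string) $recursionLimit),
        'pcre.backtrack_limit' => ini_set('pcre.backtrack_limit', (string) $backtrackLimit),
    );
    $matches = array();
    $count = preg_match_all($pattern, $subject, $matches);
    $error = preg_last_error();          // read before anything else runs a regex
    foreach ($saved as $key => $old) {   // restore the previous limits
        if ($old !== false) {
            ini_set($key, $old);
        }
    }
    // false means the engine gave up; 0 means it ran and found nothing.
    if ($count === false) {
        throw new RuntimeException('preg_match_all aborted: ' . pcre_error_name($error));
    }
    return array('count' => $count, 'matches' => $matches);
}

// Pattern and subject copied from the report's reproduce code.
$pattern = "/\s([\w_\.\/]+)(?:=([\'\"]?(?:[\w\d\s\?=\(\)\.,'_#\/\\:;&-]|(?:\\\\\"|\\\')?)+[\'\"]?))?/";
$context = "<simpletag an_attribute=\"simpleValueInside\">";

try {
    $result = bounded_match_all($pattern, $context);
    echo "matched {$result['count']} time(s)\n";
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";   // log and reject the input instead of crashing
}
```

The limits only help if the recursion limit is low enough for the process stack size; set too high, the overflow is still reachable. The strict `=== false` check matters because the report's `if ($result = preg_match_all(...))` treats an aborted match the same as zero matches.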
 
Last updated: Sun Apr 20 03:02:42 2014 UTC