PHP :: Bug #40909 :: Segmentation Fault with preg_match

Bug #40909

Segmentation Fault with preg_match_all

Submitted:

2007-03-24 17:46 UTC

Modified:

2007-03-26 11:47 UTC

Votes:	3
Avg. Score:	4.0 ± 1.4
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	2 (66.7%)

From:

adrynet at tiscali dot it

Assigned:

Status:

Not a bug

Package:

*Regular Expressions

PHP Version:

4.4.6

OS:

Linux Fedora / Redhat / CentOS

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 40 - 35 = ?
Subscribe to this entry?

[2007-03-24 17:46 UTC] adrynet at tiscali dot it

Description:
------------
Good morning,
executing preg_match_all() function with this Regular Expression causes a PHP Segmentation Fault.

The following code works correctly both with previous versions of PHP and PHP 5.2.1.

Thank you for support
Adriano C.

Reproduce code:
---------------
<?php
            
$pattern = "/\s([\w_\.\/]+)(?:=([\'\"]?(?:[\w\d\s\?=\(\)\.,'_#\/\\:;&-]|(?:\\\\\"|\\\')?)+[\'\"]?))?/";
$context = "<simpletag an_attribute=\"simpleValueInside\">";

$match = array();

if ($result =preg_match_all($pattern, $context, $match))
{

var_dump($result);
}


?>

Expected result:
----------------
int(1)

Actual result:
--------------
Segmentation Fault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-03-25 22:36 UTC] judas dot iscariote at gmail dot com

reproducible with CVS 5_2 too.

 gdb --args ./sapi/cli/php ~/preg.php

(gdb) run
Starting program: /home/cristian/php5/sapi/cli/php /home/cristian/preg.php
Program received signal SIGSEGV, Segmentation fault.
0x0000000000453d2d in match (eptr=Cannot access memory at address 0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
372     {
(gdb) bt full
#0  0x0000000000453d2d in match (eptr=Cannot access memory at address 0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
        rrc = Cannot access memory at address 0x7fff5c974c48
(gdb)

[2007-03-26 10:07 UTC] tony2001@php.net

Yet another PCRE stack overflow.
We got new INI options in PHP5 in order to "limit" the appetite of PCRE, though they do not really fix the problem in PCRE library, which is known to overflow the stack on certain expressions and there are no plans on adding these options to PHP4.

[2007-03-26 10:48 UTC] adrynet at tiscali dot it

Hi Tony,
It's strange because with PHP 4.4.6 we got Segmentation Fault using preg_match_all() on with same regex pattern on the same source text that both in previous versions of PHP 4.4.x and 5.x works perfectly.

So why in this release PCRE should have "more appetite" on the same usage?

Have a nice day
Adriano C.

[2007-03-26 10:59 UTC] tony2001@php.net

>So why in this release PCRE should have "more appetite" on the same
usage
You're asking wrong person, I can't answer your question since I'm not the author of PCRE.

[2007-03-26 11:06 UTC] adrynet at tiscali dot it

>You're asking wrong person, I can't answer your question since I'm not
the author of PCRE.

Thanks for reply Tony. Do you know if 4.4.6 uses a new release of PCRE and so we have this behaviour?

Have a nice day
Adriano C.

[2007-03-26 11:18 UTC] tony2001@php.net

Yes, PHP 4.4.6 (as well as PHP 5.2.2) has PCRE 7.0 bundled.

[2007-03-26 11:47 UTC] adrynet at tiscali dot it

> Yes, PHP 4.4.6 (as well as PHP 5.2.2) has PCRE 7.0 bundled.

So if is PCRE 7.0 the root cause we have to expect a Segmentation Fault even in the next PHP 5.x update :| ?

thanks
Adriano C.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 12:01:27 2024 UTC