php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41306 preg_replace_callback segfaults on certain regexp
Submitted: 2007-05-06 19:12 UTC Modified: 2007-05-07 12:38 UTC
From: Sjon at hortensius dot net Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 4.4.7 OS: Linux 2.6.20
Private report: No CVE-ID: None
View Developer Edit
 [2007-05-06 19:12 UTC] Sjon at hortensius dot net 
Description:
------------
Although other regexps work fine; this one crashes since 4.4.7 is installed

Reproduce code:
---------------
<?PHP
$x = new x();

class x {
        function y($matches){
                echo 'no problem!';
        }

        function x(){
                preg_replace_callback('~\{([a-zA-Z\-_]{0,50})@([a-zA-Z_\d]{1,50})\}((?:(?:\{[a-zA-Z.\-_\d]{1,50}\}|[^\{\}]*)(\{,\})?)*)\{\1/\}~sU', array(&$this, 'y'), '{@function}argument{/}');
        }
}
?>

Expected result:
----------------
I would expect the x::y function to be ran by preg_replace_callback

Actual result:
--------------
[Sun May 06 20:47:49 2007] [notice] child pid 26044 exit signal Segmentation fault (11)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-05-06 19:20 UTC] Sjon at hortensius dot net 
The backtrace is _very_ long. Here is the first part:

Program received signal SIGSEGV, Segmentation fault.
match (eptr=0x82a3b47 "argument{/}", ecode=0x82a37a5 "O", offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11366)
    at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:372
372     /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c: No such file or directory.
        in /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c
(gdb) bt
#0  match (eptr=0x82a3b47 "argument{/}", ecode=0x82a37a5 "O", offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11366)
    at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:372
#1  0x0807e197 in match (eptr=0x82a3b47 "argument{/}", ecode=<value optimized out>, offset_top=6, md=0xbfeac6ac, ims=4, eptrb=0x0, flags=0, rdepth=11365)
    at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1187
#2  0x0807a5e0 in match (eptr=<value optimized out>, ecode=<value optimized out>, offset_top=<value optimized out>, md=0xbfeac6ac, ims=4, eptrb=0x0, 
    flags=<value optimized out>, rdepth=11364) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1082
#3  0x0807e560 in match (eptr=<value optimized out>, ecode=<value optimized out>, offset_top=<value optimized out>, md=0xbfeac6ac, ims=4, eptrb=0x0, 
    flags=<value optimized out>, rdepth=11363) at /root/packages/php/src/php-4.4.7/ext/pcre/pcrelib/pcre_exec.c:1740
 [2007-05-07 12:38 UTC] tony2001@php.net 
Please search the database before submitting new reports.
Stack overflow in PCRE is known problem and there is not much we can do about it, since it's a problem of PCRE library.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Oct 27 06:00:01 2025 UTC