php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41823 Pattern causing crash
Submitted: 2007-06-27 13:55 UTC Modified: 2007-07-05 01:00 UTC
From: rob at gravityswitch dot com Assigned:
Status: No Feedback Package: PCRE related
PHP Version: 5.2.3 OS: FreeBSD 6.2-RELEASE-p1
Private report: No CVE-ID: None
 [2007-06-27 13:55 UTC] rob at gravityswitch dot com
Description:
------------
This problem showed up after an upgrade to php 5.2.3 that was accompanied by a pcre upgrade to ver 7.0.  It works fine on my local system (php 5.2.3, pcre 6.7)

The browser returns a download dialog rather than an error.

If I remove the "=" from the pattern, it works, but doesn't find anything.


Reproduce code:
---------------
<?php
$s = "((?is-U)<input(?:(?:\s*\w*\s*(?:=(?:(?:'.*?')|(?:\".*?\")|(?:\w*)))?)*)(?:>|(?:\/>)))";
$formHTML = "Nothing to see here:<input name='blah' value=''></input>";
echo preg_replace("/" . $s . "/is", "muffin", $formHTML);

?>

Expected result:
----------------
I would expect this code to replace the input tag string with "muffin".  I would also expect it not to crash.

Actual result:
--------------
Download dialog box.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-06-27 13:59 UTC] tony2001@php.net
Looks like yet another PCRE 7.0 regression, which is fixed by PCRE 7.2 (available in CVS version).
At least I can't reproduce it here.
 [2007-07-05 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC