Bug #43031 preg_match() segfaults on large strings
Submitted: 2007-10-19 10:01 UTC Modified: 2007-10-19 11:59 UTC
From: php at benjaminschulz dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2CVS-2007-10-19 (CVS) OS:
Private report: No CVE-ID:
 [2007-10-19 10:01 UTC] php at benjaminschulz dot com
Description:
------------
See the Code

Reproduce code:
---------------
<?php
$string = str_repeat("foobarbazbang", 2000);

var_dump(
    preg_match('/^([\x00-\x7f]|'.
        '[\xc2-\xdf][\x80-\xbf]|' . 
        '\xe0[\xa0-\xbf][\x80-\xbf]|' . 
        '[\xe1-\xec][\x80-\xbf]{2}|' . 
        '\xed[\x80-\x9f][\x80-\xbf]|' . 
        '[\xee-\xef][\x80-\xbf]{2}|' . 
        '\xf0[\x90-\xbf][\x80-\xbf]{2}|' . 
        '[\xf1-\xf3][\x80-\xbf]{3}|' . 
        '\xf4[\x80-\x8f][\x80-\xbf]{2})*$/',
    $string)
);

Actual result:
--------------
Backtrace:
[New Thread -1216595648 (LWP 25629)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216595648 (LWP 25629)]
0x080b7876 in match (
    eptr=0x87af93c "oobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobar"...,
    ecode=0x87e14c5 "^",
    mstart=0x87aeeec "foobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfooba"...,
    offset_top=4, md=0xbffbf8ec, ims=0, eptrb=0x0, flags=0, rdepth=5281)
    at /usr/src/php5/ext/pcre/pcrelib/pcre_exec.c:575
575     utf8 = md->utf8;       /* Local copy of the flag */

 [2007-10-19 10:30 UTC] felipensp at gmail dot com
This is a question of the stack of the PCRE lib, recently posted at http://bugs.exim.org/show_bug.cgi?id=616
 [2007-10-19 11:59 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

See pcre.backtrack_limit and pcre.recursion_limit.
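
The two settings named in the reply above, applied to the report's pattern so that a match PCRE abandons surfaces as an error the caller must handle. This is an added example, not code from the report or from the PHP project; the limit values and the `is_utf8()` helper are assumptions, and the pattern is the report's with the 4-byte lead byte written as `\xf0`.

```php
<?php
// Added example, not from the report. Limit values are assumptions: size
// pcre.recursion_limit to the stack the PHP process actually has.
ini_set('pcre.recursion_limit', '1000');
ini_set('pcre.backtrack_limit', '100000');

// UTF-8 validation pattern from the report (4-byte lead written as \xf0).
define('UTF8_PATTERN', '/^([\x00-\x7f]|' .
    '[\xc2-\xdf][\x80-\xbf]|' .
    '\xe0[\xa0-\xbf][\x80-\xbf]|' .
    '[\xe1-\xec][\x80-\xbf]{2}|' .
    '\xed[\x80-\x9f][\x80-\xbf]|' .
    '[\xee-\xef][\x80-\xbf]{2}|' .
    '\xf0[\x90-\xbf][\x80-\xbf]{2}|' .
    '[\xf1-\xf3][\x80-\xbf]{3}|' .
    '\xf4[\x80-\x8f][\x80-\xbf]{2})*$/');

// preg_match() returns false, not 0, when PCRE gives up. Treat that as a
// hard failure so a limit hit is never mistaken for "valid" or "invalid".
function is_utf8($s)
{
    $r = preg_match(UTF8_PATTERN, $s);
    if ($r === false) {
        $names = array(
            PREG_RECURSION_LIMIT_ERROR => 'recursion limit reached',
            PREG_BACKTRACK_LIMIT_ERROR => 'backtrack limit reached',
        );
        $code = preg_last_error();
        $why = isset($names[$code]) ? $names[$code] : "error code $code";
        throw new RuntimeException("PCRE aborted the match: $why");
    }
    return $r === 1;
}

// Constructed inputs: a short string and the 26000-byte string from the report.
foreach (array('foobarbazbang', str_repeat('foobarbazbang', 2000)) as $input) {
    try {
        echo strlen($input), ' bytes: ', var_export(is_utf8($input), true), "\n";
    } catch (RuntimeException $e) {
        echo strlen($input), ' bytes: ', $e->getMessage(), "\n";
    }
}
```

Callers that validate untrusted input with this pattern should reject the input when the exception is thrown rather than fall through to either branch.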
Last updated: Mon Apr 21 12:02:07 2014 UTC