|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43031 preg_match() segfaults on large strings
Submitted: 2007-10-19 10:01 UTC Modified: 2007-10-19 11:59 UTC
From: php at benjaminschulz dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2CVS-2007-10-19 (CVS) OS:
Private report: No CVE-ID:
 [2007-10-19 10:01 UTC] php at benjaminschulz dot com
See the Code

Reproduce code:
$string = str_repeat("foobarbazbang", 2000);

        '[\xc2-\xdf][\x80-\xbf]|' . 
        '\xe0[\xa0-\xbf][\x80-\xbf]|' . 
        '[\xe1-\xec][\x80-\xbf]{2}|' . 
        '\xed[\x80-\x9f][\x80-\xbf]|' . 
        '[\xee-\xef][\x80-\xbf]{2}|' . 
        'f0[\x90-\xbf][\x80-\xbf]{2}|' . 
        '[\xf1-\xf3][\x80-\xbf]{3}|' . 

Actual result:
[New Thread -1216595648 (LWP 25629)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216595648 (LWP 25629)]
0x080b7876 in match (
    eptr=0x87af93c "oobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobar"...,     ecode=0x87e14c5 "^",     mstart=0x87aeeec "foobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfooba"...,     offset_top=4, md=0xbffbf8ec, ims=0, eptrb=0x0, flags=0, rdepth=5281)    at /usr/src/php5/ext/pcre/pcrelib/pcre_exec.c:575575     utf8 = md->utf8;       /* Local copy of the flag */


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2007-10-19 10:30 UTC] felipensp at gmail dot com
This is a question of stack of PCRE lib, recently posted in
 [2007-10-19 11:59 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

See pcre.backtrack_limit and pcre.recursion_limit.
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Nov 29 23:01:35 2015 UTC