php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43031 preg_match() segfaults on large strings
Submitted: 2007-10-19 10:01 UTC Modified: 2007-10-19 11:59 UTC
From: php at benjaminschulz dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2CVS-2007-10-19 (CVS) OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php at benjaminschulz dot com
New email:
PHP Version: OS:

 

 [2007-10-19 10:01 UTC] php at benjaminschulz dot com
Description:
------------
See the Code

Reproduce code:
---------------
<?php
$string = str_repeat("foobarbazbang", 2000);

var_dump(
    preg_match('/^([\x00-\x7f]|'.
        '[\xc2-\xdf][\x80-\xbf]|' . 
        '\xe0[\xa0-\xbf][\x80-\xbf]|' . 
        '[\xe1-\xec][\x80-\xbf]{2}|' . 
        '\xed[\x80-\x9f][\x80-\xbf]|' . 
        '[\xee-\xef][\x80-\xbf]{2}|' . 
        'f0[\x90-\xbf][\x80-\xbf]{2}|' . 
        '[\xf1-\xf3][\x80-\xbf]{3}|' . 
        '\xf4[\x80-\x8f][\x80-\xbf]{2})*$/',
    $string)
);

Actual result:
--------------
Backtrace:
[New Thread -1216595648 (LWP 25629)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216595648 (LWP 25629)]
0x080b7876 in match (
    eptr=0x87af93c "oobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobar"...,     ecode=0x87e14c5 "^",     mstart=0x87aeeec "foobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfoobarbazbangfooba"...,     offset_top=4, md=0xbffbf8ec, ims=0, eptrb=0x0, flags=0, rdepth=5281)    at /usr/src/php5/ext/pcre/pcrelib/pcre_exec.c:575575     utf8 = md->utf8;       /* Local copy of the flag */

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-10-19 10:30 UTC] felipensp at gmail dot com
This is a question of stack of PCRE lib, recently posted in http://bugs.exim.org/show_bug.cgi?id=616
 [2007-10-19 11:59 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

See pcre.backtrack_limit and pcre.recursion_limit.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 14 09:01:27 2024 UTC