php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #45488 preg_replace failed when the $subject parameter length exceeds 100009
Submitted: 2008-07-11 17:57 UTC Modified: 2008-07-12 16:06 UTC
From: webez dot cn at gmail dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2.6 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
10 - 3 = ?
Subscribe to this entry?

 
 [2008-07-11 17:57 UTC] webez dot cn at gmail dot com
Description:
------------
if the $subject parameter's length exceeds 100009, str_replace has no return value.

This has been reproduced on windows 2003 with php 5.2.6 and Linux with php 5.2.5

PS:
If there is backslash in the $subject parameter and $pattern parameter, the critical poiont will change, the maximum string length to reproduce this bug will increase.

Reproduce code:
---------------
<?
$dummyText=str_pad("[start]",100016-strlen("[start][end]"),"*")."[end]";
str_replace_test($dummyText);
$dummyText=str_pad("[start]",100017-strlen("[start][end]"),"*")."[end]";
str_replace_test($dummyText);
function str_replace_test($dummyText){
	$result=preg_replace("/\[start\](.+?)\[end\]/eis","passed",$dummyText);
	$result==""?$result="failed":true;
	echo "str_replace with length: ".strlen($dummyText)." ".$result."<br>";
}
?>

Expected result:
----------------
str_replace with length: 100009 passed
str_replace with length: 100010 passed

Actual result:
--------------
str_replace with length: 100009 passed
str_replace with length: 100010 failed

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-07-12 16:06 UTC] felipe@php.net
This is expected, it when fails preg_last_error() returns: int(2)
That means PREG_BACKTRACK_LIMIT_ERROR.

See http://docs.php.net/manual/en/pcre.configuration.php#ini.pcre.backtrack-limit
 [2010-06-25 14:02 UTC] daniel dot reiche at tu-dresden dot de
if this is intended, shouldn't the manual reflect that and e.g. state that the subject length is limited by PCRE_BACKTRACK_LIMIT ?

Just happened to stumble over this myself, and only the Bug-Report Dialog showed this bug to me after i tried to write a new one.
Was not able to find it myself using the search!
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed May 25 07:05:45 2022 UTC