|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47662 Crash with more that 127 named Subpattern
Submitted: 2009-03-15 14:37 UTC Modified: 2009-04-10 15:48 UTC
From: gmblar+php at gmail dot com Assigned: nlopess
Status: Closed Package: PCRE related
PHP Version: 5.2.9 OS: MacOSX 10.5
Private report: No CVE-ID:
 [2009-03-15 14:37 UTC] gmblar+php at gmail dot com
With more than 63 Subpattern in a Regular-Expression, PHP crashes with a 

Reproduce code:

$regex = '@';
// works with $bar<63
for($bar=0; $bar<64; $bar++) {
	$regex .= '((?P<foo'.$bar.'>))';
$regex .= '@';
preg_match($regex, 'foobar');


Expected result:

Actual result:
$ php foobar.php
Segmentation fault


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-26 15:02 UTC] mmcnicklebugs at googlemail dot com
I can't replicate on Linux/Ubuntu 8.04 with 5.3CVS or 5.2.*

When I increase the number of patterns to a large number (say 60000) I get a suitable warning:

Warning: preg_match(): Compilation failed: too many named subpatterns (maximum 10000) at offset 148903 in /home/martin/php_bugs/pcre/47622/test.php on line 10
 [2009-04-06 21:00 UTC]
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read for *NIX and for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

 [2009-04-06 23:17 UTC] gmblar+php at gmail dot com
Problem only appears if PHP is compiled with 64-bit Support (x86_64)

$ gdb ./php
GNU gdb 6.3.50-20050815 (Apple version gdb-962) (Sat Jul 26 08:14:40 
UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and 
you are
welcome to change it and/or distribute copies of it under certain 
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
This GDB was configured as "i386-apple-darwin"...Reading symbols for 
shared libraries ...... done

(gdb) run ./test.php
Starting program: /Users/Blar/Sites/php/php-5.2.9/sapi/cli/php 
warning: posix_spawn failed, trying execvp, error: 86
Reading symbols for shared libraries +++++.. done

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x000000010079ae10
0x000000010002308f in make_subpats_table (num_subpats=257, 
pce=0x101008b60) at /Users/Blar/Sites/php/php-
213				subpat_names[name_idx] = name_table + 
(gdb) bt
#0  0x000000010002308f in make_subpats_table (num_subpats=257, 
pce=0x101008b60) at /Users/Blar/Sites/php/php-
#1  0x00000001000243b7 in php_pcre_match_impl (pce=0x101008b60, 
subject=0x10071a998 "foobar", subject_len=6, return_value=0x10071ad10, 
subpats=0x0, global=0, use_flags=0, 
flags=0, start_offset=0) at /Users/Blar/Sites/php/php-
#2  0x0000000100024196 in php_do_pcre_match (ht=2, 
return_value=0x10071ad10, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=0, global=0) at /Users/Blar/Sites/php/php-
#3  0x0000000100025017 in zif_preg_match (ht=2, 
return_value=0x10071ad10, return_value_ptr=0x0, this_ptr=0x0, 
return_value_used=0) at /Users/Blar/Sites/php/php-
#4  0x00000001002f0803 in zend_do_fcall_common_helper_SPEC 
(execute_data=0x7fff5fbfebd0) at zend_vm_execute.h:200
#5  0x00000001002f72b3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER 
(execute_data=0x7fff5fbfebd0) at zend_vm_execute.h:1729
#6  0x00000001002f0223 in execute (op_array=0x1007198d0) at 
#7  0x00000001002c599b in zend_execute_scripts (type=8, retval=0x0, 
file_count=3) at /Users/Blar/Sites/php/php-5.2.9/Zend/zend.c:1134
#8  0x0000000100263d28 in php_execute_script 
(primary_file=0x7fff5fbff5c0) at /Users/Blar/Sites/php/php-
#9  0x0000000100351d7c in main (argc=2, argv=0x7fff5fbff728) at 
 [2009-04-06 23:19 UTC] gmblar+php at gmail dot com
PCRE fails with more that 127 Subpattern if PHP compiled as 64-Bit-
 [2009-04-10 15:31 UTC]
there's something wrong with the pcre library. I'll take a look.
 [2009-04-10 15:48 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Wed Oct 07 15:01:30 2015 UTC