Bug #47662 Crash with more than 127 named Subpattern
Submitted: 2009-03-15 14:37 UTC Modified: 2009-04-10 15:48 UTC
From: gmblar+php at gmail dot com Assigned: nlopess
Status: Closed Package: PCRE related
PHP Version: 5.2.9 OS: MacOSX 10.5
Private report: No CVE-ID:
 [2009-03-15 14:37 UTC] gmblar+php at gmail dot com
Description:
------------
With more than 63 subpatterns in a regular expression, PHP crashes with a
segmentation fault.

Reproduce code:
---------------
<?php

$regex = '@';
// works with $bar<63
for($bar=0; $bar<64; $bar++) {
	$regex .= '((?P<foo'.$bar.'>))';
}
$regex .= '@';
 
preg_match($regex, 'foobar');

?>

Expected result:
----------------
Nothing

Actual result:
--------------
$ php foobar.php
Segmentation fault


 [2009-03-26 15:02 UTC] mmcnicklebugs at googlemail dot com
I can't replicate on Linux/Ubuntu 8.04 with 5.3CVS or 5.2.*

When I increase the number of patterns to a large number (say 60000) I get a suitable warning:

Warning: preg_match(): Compilation failed: too many named subpatterns (maximum 10000) at offset 148903 in /home/martin/php_bugs/pcre/47622/test.php on line 10
 [2009-04-06 21:00 UTC] jani@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.


 [2009-04-06 23:17 UTC] gmblar+php at gmail dot com
Problem only appears if PHP is compiled with 64-bit Support (x86_64)


$ gdb ./php
GNU gdb 6.3.50-20050815 (Apple version gdb-962) (Sat Jul 26 08:14:40 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin"...Reading symbols for shared libraries ...... done

(gdb) run ./test.php
Starting program: /Users/Blar/Sites/php/php-5.2.9/sapi/cli/php ./test.php
warning: posix_spawn failed, trying execvp, error: 86
Reading symbols for shared libraries +++++.. done

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x000000010079ae10
0x000000010002308f in make_subpats_table (num_subpats=257, pce=0x101008b60) at /Users/Blar/Sites/php/php-5.2.9/ext/pcre/php_pcre.c:213
213				subpat_names[name_idx] = name_table + 2;
(gdb) bt
#0  0x000000010002308f in make_subpats_table (num_subpats=257, pce=0x101008b60) at /Users/Blar/Sites/php/php-5.2.9/ext/pcre/php_pcre.c:213
#1  0x00000001000243b7 in php_pcre_match_impl (pce=0x101008b60, subject=0x10071a998 "foobar", subject_len=6, return_value=0x10071ad10, subpats=0x0, global=0, use_flags=0, flags=0, start_offset=0) at /Users/Blar/Sites/php/php-5.2.9/ext/pcre/php_pcre.c:598
#2  0x0000000100024196 in php_do_pcre_match (ht=2, return_value=0x10071ad10, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0, global=0) at /Users/Blar/Sites/php/php-5.2.9/ext/pcre/php_pcre.c:513
#3  0x0000000100025017 in zif_preg_match (ht=2, return_value=0x10071ad10, return_value_ptr=0x0, this_ptr=0x0, return_value_used=0) at /Users/Blar/Sites/php/php-5.2.9/ext/pcre/php_pcre.c:762
#4  0x00000001002f0803 in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff5fbfebd0) at zend_vm_execute.h:200
#5  0x00000001002f72b3 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x7fff5fbfebd0) at zend_vm_execute.h:1729
#6  0x00000001002f0223 in execute (op_array=0x1007198d0) at zend_vm_execute.h:92
#7  0x00000001002c599b in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/Blar/Sites/php/php-5.2.9/Zend/zend.c:1134
#8  0x0000000100263d28 in php_execute_script (primary_file=0x7fff5fbff5c0) at /Users/Blar/Sites/php/php-5.2.9/main/main.c:2023
#9  0x0000000100351d7c in main (argc=2, argv=0x7fff5fbff728) at /Users/Blar/Sites/php/php-5.2.9/sapi/cli/php_cli.c:1133
 [2009-04-06 23:19 UTC] gmblar+php at gmail dot com
PCRE fails with more than 127 subpatterns if PHP is compiled as a 64-bit
binary
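
Added example, not PHP's source and not the committed fix: the faulting line in the backtrace stores a name pointer at an index read from the pattern's name table, which PCRE documents as entries of a two-byte group number (most significant byte first) followed by the zero-terminated name. The sketch decodes that number through unsigned bytes and bounds-checks it before the store, and shows for comparison what a signed-char read yields once the group number reaches 128. The function names and the sample table are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode the 2-byte big-endian group number that starts a name-table entry.
 * Bytes are read as unsigned, so values >= 0x80 are not sign-extended. */
static unsigned group_number(const char *entry)
{
    const unsigned char *p = (const unsigned char *)entry;
    return ((unsigned)p[0] << 8) | p[1];
}

/* The same bytes read through signed char and narrowed to unsigned short;
 * present only to show how the index can leave the table's range. */
static unsigned short group_number_signed(const signed char *entry)
{
    return (unsigned short)(256 * entry[0] + entry[1]);
}

/* Fill names[group] for each entry. names must hold num_subpats slots.
 * Returns 0 on success, -1 if an entry names a group >= num_subpats. */
static int fill_subpat_names(const char **names, size_t num_subpats,
                             const char *table, int count, int entry_size)
{
    for (int i = 0; i < count; i++, table += entry_size) {
        unsigned idx = group_number(table);
        if (idx >= num_subpats)
            return -1;           /* reject instead of writing out of bounds */
        names[idx] = table + 2;  /* the name follows the 2-byte number */
    }
    return 0;
}

/* Constructed sample: two 8-byte entries, groups 126 (foo62) and 128 (foo63),
 * the numbering the reproduce script's nested groups would produce. */
static const char sample_table[16] = {
    0x00, 0x7e, 'f', 'o', 'o', '6', '2', 0,
    0x00, (char)0x80, 'f', 'o', 'o', '6', '3', 0
};

int main(void)
{
    const char *names[129] = {0};
    int rc = fill_subpat_names(names, 129, sample_table, 2, 8);
    printf("rc=%d names[128]=%s signed-read index=%u\n", rc, names[128],
           group_number_signed((const signed char *)sample_table + 8));
    return 0;
}
```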
 [2009-04-10 15:31 UTC] nlopess@php.net
There's something wrong with the pcre library. I'll take a look.
 [2009-04-10 15:48 UTC] nlopess@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 