|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #47689 crash with certain regular expression
Submitted: 2009-03-17 13:57 UTC Modified: 2011-09-29 13:34 UTC
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:4 (100.0%)
Same OS:4 (100.0%)
From: Assigned: pajoye (profile)
Status: Not a bug Package: PCRE related
PHP Version: 5.*, 6CVS (2009-03-17) OS: win32 only
Private report: No CVE-ID: None
 [2009-03-17 13:57 UTC]
Apache 2.2.11 crashes with PHP 5.2.9-1 on the following code. The same script run from CLI executes without crash.

Reproduce code:
$contents = '/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
// shortest possible example, omitting last line causes no crash

$contents = preg_replace('@/\\*(?:.|[\\n\\r])*?\\*/@', '', $contents);

Expected result:
Empty string in $contents.

Actual result:
Apache crash.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-18 13:10 UTC]
I've uploaded the backtrace analysis to
 [2009-03-18 23:16 UTC]
Hi Jakub,
please check the pcre.backtrack_limit and pcre.recursion_limit value.
 [2009-03-19 10:22 UTC]
Both configuration directives are on the default value 100000.

I've found out that with much longer input (600 lines) the script crashes also in CLI.

There's no crash in PHP 5.2.8, only PHP 5.2.9 is affected.
 [2009-04-10 15:15 UTC]
this is the usual stack problem.
Since we now use the stack for PCRE recursion on Windows, I think we could increase the stack size. The default (1 MB) is a little short..
Pierre: can you please increase the stack size on windows binaries to e.g. 8 MB? It's a matter of adding one parameter to the compile arguments.
More details at:
 [2009-04-10 17:43 UTC]
Please try using 5.3.0 VC9 snapshots(ts or NTS):
 [2009-04-14 13:42 UTC]
Same result with VC9 TS and 500 lines under CLI.
 [2009-04-14 13:52 UTC]
> Same result with VC9 TS and 500 lines under CLI.

500 lines? Not using the code you pasted here?
 [2009-04-14 13:56 UTC]
Same result also with the code pasted here under Apache 2.2.
 [2009-04-25 17:37 UTC]
Pierre, Nuno already gave the solution..? :)
 [2009-05-21 20:25 UTC]
Only wondering which impact has this change, have to test first before to increase the stack.
 [2009-06-18 13:27 UTC] peter dot swietoslawski at me dot com
I'm experiencing similar crash on PHP 5.2.9-2, Apache 2.2.11, Vista 
if I run simple code like:


  $content = '
  <!-- Book Navigation Start -->
  <ul class="menu"><li class="collapsed first">Web Services</li>
  <li class="collapsed">Integration Tools</li>
  <li class="leaf">Developer Group</li>
  <li class="leaf last">Developer Forum</li>
    <div class="page-links clear-block">
        <a href="test/wws" class="page-next" title="Go to next page"> 
Web Services </a>
  <!-- Book Navigation End -->

  $pattern = '/<!-- Book Navigation Start -->((.|\s)+)<!-- Book 
Navigation End -->/i';

  preg_match($pattern, $content, $book_nav);

However this works fine in PHP 5.2.8 and in CLI for 5.2.9-2.
 [2009-07-06 17:43 UTC]
That's not something we can change for apache. You can fix the problem by increasing the stack size for apache using the following command:

editbin /STACK:8000000 c:\apache22\bin\httpd.exe

Sadly this tool is not available as a standalone app but VC Express should have it.

Close (bogus) this bug as it is not something we can change in PHP. We can increase the stack at wish but it is apache dependent. FastCGI does not seem to have this problem (was not able to crash it).
 [2011-09-29 12:35 UTC] ferenczy at volny dot cz
Better way to alter Apache stack size is using the ThreadStackSize directive in the Apache's configuration file (httpd.conf). There is a description of the ThreadStackSize directive in Apache's documentation:

So increase of Apache stack size might looks like this (lines from httpd.conf):

<IfModule mpm_winnt_module>
   ThreadStackSize 8*1024*1024

It sets Apache stack size to 8 MB, so it's the same as a default value on Linux.
 [2011-09-29 13:34 UTC]
It would be nice to add that to both apache 2.2 configuration and pcre docs.
 [2013-05-25 12:13 UTC] djokodonev at gmail dot com
This should be added to the PCRE(preg_match etc..) documentation. It had me clules for a long time as of what it going on.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Apr 23 20:01:29 2024 UTC