php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #47799 Segfault with Regex
Submitted: 2009-03-27 01:09 UTC Modified: 2009-12-15 00:54 UTC
Votes:2
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: mb at insidetheweb dot de Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2.9 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2009-03-27 01:09 UTC] mb at insidetheweb dot de 
Description:
------------
When i do this Regex 

#^\{\|(.*?)(?:^\|\+(.*?))?(^(?:((?R))|.)*?)^\|}#msi

on larger requests, it causes a seqfault.

You just need to be some chars above some kind of limit and you got the error.



Reproduce code:
---------------
http://cvs.php.net/viewvc.cgi/pear/Text_Wiki/Text/Wiki/Parse/Mediawiki/Table.php?revision=1.11&view=markup

Its Text_Wiki_Mediawiki.

Expected result:
----------------
HTTPD Seqfault

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-27 16:16 UTC] felipe@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2009-03-28 01:29 UTC] mb at insidetheweb dot de 
Sorry, no clue how to get a backtrace on a running system.

This httpd -X does not work. Not even mod_backtrace.

Simply

Download the Text_Wiki with Mediawiki and parse some large Table. You get the error then yourself. I really doubt its system related.
 [2009-03-30 18:06 UTC] jani@php.net 
You would find out how to generate the backtrace if you bother 
reading the document in the link provided. And you don't need to do 
it in web server, CLI is fine too.
 [2009-04-07 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2009-10-17 20:05 UTC] amr dot mostafa at gmail dot com 
I've created a script to reproduce this. I was able to reproduce it on *some* systems (Ubuntu 9.04) using PHP 5.2.10, 5.2.11 and 5.3.0 (using vanilla PHP downloaded from php.net).

I've also tried compiling PHP 5.3.0 against vanilla PCRE 7.9 (using --with-pcre-regex) but that didn't make any difference.

However, I cannot reproduce this issue on CentOS 5.3 and 4.6 with PHP 5.2.9 and 5.2.10 from Oracle RPMs.

Script:

http://gist.github.com/212434 (download directly: http://gist.github.com/raw/212434/6cf1720cbac05340a5cb2a5c6431b2a4f6024e0d/pcre%20segfault)
 [2009-10-17 20:30 UTC] amr dot mostafa at gmail dot com 
I've tried jani at php(dot)net suggestion in (http://bugs.php.net/bug.php?id=48153) to increase the stack size and that fixed the issue.
 [2009-12-15 00:54 UTC] felipe@php.net 
Not a PHP bug.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Apr 23 22:01:31 2024 UTC