PHP :: Bug #47962 :: preg_split cause Segmentation Fault

Bug #47962	preg_split cause Segmentation Fault
Submitted:	2009-04-13 15:50 UTC	Modified:	2009-04-13 16:28 UTC
From:	poltorak at alsenet dot com	Assigned:
Status:	Closed	Package:	PCRE related
PHP Version:	5.2.6	OS:	Ubuntu Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2009-04-13 15:50 UTC] poltorak at alsenet dot com

Description:
------------
This code cause segmentation fault in PHP Version 5.2.6-2ubuntu4.1
I can't check it on 5.2.9 for now. Please check.

If I reduce 200 (in for cycle) to 100, everything works.
If I delete ",'1'" at the end of $t string, everything works.


Reproduce code:
---------------
<?
  $t = "'1','8','10','1','5','3','0','0','0','4','2','9','0','1';";

  $a = "";
  for ($i=0; $i<200; $i++)
   $a .= $t;

  print preg_split("/;+(?=([^'|^\\\']*['|\\\'][^'|^\\\']*['|\\\'])*[^'|^\\\']*[^'|^\\\']$)/", $a);
?>


Expected result:
----------------
Array

Actual result:
--------------
Segmentation Fault in error_log and empty page in browser.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-04-13 16:28 UTC] jani@php.net

Works fine with PHP 5.2.9. Update!

[2015-11-27 06:07 UTC] qp10509 at gmail dot com

The same error occurred!!!

OS : Macintosh OSX 10.9.5
PHPVersion : [5.5.10] [5.4.26] [5.3.28] [5.2.17]

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2021 The PHP Group All rights reserved.	Last updated: Sat Jan 23 17:01:23 2021 UTC