php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #48347 Connection Interrupted after invalid preg_match_all
Submitted: 2009-05-20 19:15 UTC Modified: 2009-05-21 20:02 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: kenorb at gmail dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2.9 OS: win32 only - Windows7
Private report: No CVE-ID: None
View Developer Edit
 [2009-05-20 19:15 UTC] kenorb at gmail dot com 
Description:
------------
Following code crashing whole website.
A could reproduce it with php5.2.9-1 on Win7 (using WAMP).
I couldn't on 5.2.6 on FreeBSD configuration.


Reproduce code:
---------------
$data = "; \$Id: administerusersbyrole.info,v 1.1.2.1 2009/01/27 20:40:40 smokris Exp \$\nname = Administer Users by Role\ndescription = \"Allows users with 'administer users' permission and a role (specified in 'Permissions') to edit/delete other users with a specified role.  If the user being edited has multiple roles, the user doing the editing must have permission to edit ALL of the user being edited's roles.  Also provides control over user creation.  Works well in conjunction with <a href='http://drupal.org/project/role_delegation'>role_delegation</a>.\"\ncore = 6.x\n\n; Information added by drupal.org packaging script on 2009-01-28\nversion = \"6.x-1.3\"\ncore = \"6.x\"\nproject = \"administerusersbyrole\"\ndatestamp = \"1233114605\"\n\n";
preg_match_all('
    @^\s*                           # Start at the beginning of a line, ignoring leading whitespace
    ((?:
      [^=;\[\]]|                    # Key names cannot contain equal signs, semi-colons or square brackets,
      \[[^\[\]]*\]                  # unless they are balanced and not nested
    )+?)
    \s*=\s*                         # Key/value pairs are separated by equal signs (ignoring white-space)
    (?:
      ("(?:[^"]|(?<=\\\\)")*")|     # Double-quoted string, which may contain slash-escaped quotes/slashes
      (\'(?:[^\']|(?<=\\\\)\')*\')| # Single-quoted string, which may contain slash-escaped quotes/slashes
      ([^\r\n]*?)                   # Non-quoted string
    )\s*$                           # Stop at the next end of a line, ignoring trailing whitespace
    @msx', $data, $matches, PREG_SET_ORDER);


Expected result:
----------------
Continue execution.

Actual result:
--------------
On Firefox: Connection Interrupted
On Chrome: Error 101 (net::ERR_CONNECTION_RESET): Unknown error.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-05-20 19:26 UTC] kenorb at gmail dot com 
Could be related to bug:
#20698 (but of course I can't add a comment there)
 [2009-05-21 12:29 UTC] jani@php.net 
Works fine under *nix.
 [2009-05-21 19:20 UTC] carsten_sttgt at gmx dot de 
I can reproduce this on Windows XP too. But only with PHP as Apache (2.2.x) Module.
The code is working in a CGI setup or with the CLI in the shell.

In Apaches' error.log you can found:
Parent: child process exited with status 3221225477 -- Restarting.

Regards,
Carsten
 [2009-05-21 20:02 UTC] nlopess@php.net 
just a normal stack overflow.
let's wait for windows binaries with bigger stacks (Pierre!)..
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun May 11 07:01:28 2025 UTC