php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #48347 Connection Interrupted after invalid preg_match_all
Submitted: 2009-05-20 19:15 UTC Modified: 2009-05-21 20:02 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: kenorb at gmail dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.2.9 OS: win32 only - Windows7
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2009-05-20 19:15 UTC] kenorb at gmail dot com 
Description:
------------
Following code crashing whole website.
A could reproduce it with php5.2.9-1 on Win7 (using WAMP).
I couldn't on 5.2.6 on FreeBSD configuration.


Reproduce code:
---------------
$data = "; \$Id: administerusersbyrole.info,v 1.1.2.1 2009/01/27 20:40:40 smokris Exp \$\nname = Administer Users by Role\ndescription = \"Allows users with 'administer users' permission and a role (specified in 'Permissions') to edit/delete other users with a specified role.  If the user being edited has multiple roles, the user doing the editing must have permission to edit ALL of the user being edited's roles.  Also provides control over user creation.  Works well in conjunction with <a href='http://drupal.org/project/role_delegation'>role_delegation</a>.\"\ncore = 6.x\n\n; Information added by drupal.org packaging script on 2009-01-28\nversion = \"6.x-1.3\"\ncore = \"6.x\"\nproject = \"administerusersbyrole\"\ndatestamp = \"1233114605\"\n\n";
preg_match_all('
    @^\s*                           # Start at the beginning of a line, ignoring leading whitespace
    ((?:
      [^=;\[\]]|                    # Key names cannot contain equal signs, semi-colons or square brackets,
      \[[^\[\]]*\]                  # unless they are balanced and not nested
    )+?)
    \s*=\s*                         # Key/value pairs are separated by equal signs (ignoring white-space)
    (?:
      ("(?:[^"]|(?<=\\\\)")*")|     # Double-quoted string, which may contain slash-escaped quotes/slashes
      (\'(?:[^\']|(?<=\\\\)\')*\')| # Single-quoted string, which may contain slash-escaped quotes/slashes
      ([^\r\n]*?)                   # Non-quoted string
    )\s*$                           # Stop at the next end of a line, ignoring trailing whitespace
    @msx', $data, $matches, PREG_SET_ORDER);


Expected result:
----------------
Continue execution.

Actual result:
--------------
On Firefox: Connection Interrupted
On Chrome: Error 101 (net::ERR_CONNECTION_RESET): Unknown error.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-05-20 19:26 UTC] kenorb at gmail dot com 
Could be related to bug:
#20698 (but of course I can't add a comment there)
 [2009-05-21 12:29 UTC] jani@php.net 
Works fine under *nix.
 [2009-05-21 19:20 UTC] carsten_sttgt at gmx dot de 
I can reproduce this on Windows XP too. But only with PHP as Apache (2.2.x) Module.
The code is working in a CGI setup or with the CLI in the shell.

In Apaches' error.log you can found:
Parent: child process exited with status 3221225477 -- Restarting.

Regards,
Carsten
 [2009-05-21 20:02 UTC] nlopess@php.net 
just a normal stack overflow.
let's wait for windows binaries with bigger stacks (Pierre!)..
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 01:01:30 2024 UTC