PHP :: Bug #51663 :: PHP preg_match doesn't match string which should match

Bug #51663	PHP preg_match doesn't match string which should match
Submitted:	2010-04-26 00:37 UTC	Modified:	2010-05-04 20:36 UTC
From:	jordi dot salvat dot i dot alabart at gmail dot com	Assigned:
Status:	Not a bug	Package:	PCRE related
PHP Version:	5.3.2	OS:	Ubuntu
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jordi dot salvat dot i dot alabart at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2010-04-26 00:37 UTC] jordi dot salvat dot i dot alabart at gmail dot com

Description:
------------
This regular expression: /^(?:[^\[\]{}']+|'[^']*')+:(?:[^\[\]{}']+|'[^']*')+$/
matches this string: a:bbbbbbbbbbbbbbb
in Perl (5.10.0-24ubuntu4):

perl <<__END__
print 'a:bbbbbbbbbbbbb' =~ q/^(?:[^\[\]{}']+|'[^']*')+:(?:[^\[\]{}']+|'[^']*')+$/;
print "\n";
__END__
1

and pcretest (libpcre3 7.8-3):

pcretest <<__END__
/^(?:[^\[\]{}']+|'[^']*')+:(?:[^\[\]{}']+|'[^']*')+$/
a:bbbbbbbbbbbbbbb
__END__
PCRE version 7.8 2008-09-05

  re> data> 0: a:bbbbbbbbbbbbbbb
data>

Not, however, in PHP (5.3.2):
$ ./php --version
PHP 5.3.2 (cli) (built: Apr 25 2010 23:58:33)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
$ ./php <<__END__

<?= preg_match("/^(?:[^\[\]{}']+|'[^']*')+:(?:[^\[\]{}']+|'[^']*')+$/", "a:bbbbbbbbbbbbb") ?>

__END__
0

The bug is pretty sensible to changes in the input. Removing a couple of "b"s makes it match. I don't know which aspects of the regexp cause it to fail.

For confirmation that this is indeed a bug without having to decypher the regexp, here's proof:

<?php
$A='(?:[^\[\]{}\']+|\'[^\']*\')+';
$a= 'a';
$B=":$A";
$b= ':bbbbbbbbbbbbbbb';
print_r(preg_match("/^$A$/", "$a"));
print_r(preg_match("/^$B$/", "$b"));
print_r(preg_match("/^$A$B$/", "$a$b"));
print_r("\n");

This outputs "110", which is impossible since if /^$A$/ matches "$a" and /^$B$/ matches "$b", /^$A$B$/ should definitely match "$a$b".

Test script:
---------------
<?= preg_match("/^(?:[^\[\]{}']+|'[^']*')+:(?:[^\[\]{}']+|'[^']*')+$/", "a:bbbbbbbbbbbbb") ? "pass" : "fail" ?>


Expected result:
----------------
pass

Actual result:
--------------
fail

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-04-26 00:52 UTC] jordi dot salvat dot i dot alabart at gmail dot com

I've been able to simplify the example to:

<?= preg_match("/(.+)+:/", "a:bbbbbbbbbbbbb") ? "pass" : "fail" ?>

(I've checked this simplified form fails in PHP 5.2.10-2ubuntu6.4; checking it in 5.3.2 too is left as an exercise for the reader).

[2010-04-26 12:18 UTC] johannes@php.net

-Status: Open +Status: Feedback

[2010-04-26 12:18 UTC] johannes@php.net

Are you using the bundled PCRE lib or your system's one? - Default is the bundled one. currently bundled is 8.02. i assume  this is  a PCRE and no PHP issue.

[2010-04-28 11:31 UTC] adconrad at ubuntu dot com

Given that Ubuntu builds PHP against the system libpcre, and pcretest (by definition, but also a quick visual check with ldd) also uses the system libpcre, it seems unlikely this is a problem with libpcre itself, since pcretest works and PHP doesn't.

[2010-04-28 11:45 UTC] pajoye@php.net

Only to be sure:

did you actually try using 5.3.2 and the bundled PCRE? You can test it without having to install PHP on your system. You only have to compile php. The same applies for php 5.2.13.

[2010-04-28 17:48 UTC] jordi dot salvat dot i dot alabart at gmail dot com

-Status: Feedback +Status: Open

[2010-04-28 17:48 UTC] jordi dot salvat dot i dot alabart at gmail dot com

No, I didn't try it myself. A colleague (Diego Campoy) with more time available downloaded, compiled, and tested my first steps-to-reproduce in 5.3.2, thus confirming the bug.

Diego confirms that he tested with the bundled PCRE library, version 7.8.

[2010-04-30 00:03 UTC] felipe@php.net

-Status: Open +Status: Bogus

[2010-04-30 00:03 UTC] felipe@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Change the pcre.backtrack_limit directive value. [1]

Tested on 5.3SVN:
<?php

printf("pcre.backtrack_limit = %d\n", ini_get('pcre.backtrack_limit'));
var_dump(preg_match("/(.+)+:/", "a:bbbbbbbbbbbbb")); // 0
var_dump(preg_last_error()); // 2 (i.e. PREG_BACKTRACK_LIMIT_ERROR)

ini_set('pcre.backtrack_limit', 1000000);
printf("pcre.backtrack_limit = %d\n", ini_get('pcre.backtrack_limit'));
var_dump(preg_match("/(.+)+:/", "a:bbbbbbbbbbbbb")); // 1
var_dump(preg_last_error()); // 0

[1] http://docs.php.net/manual/en/pcre.configuration.php

[2010-05-04 20:36 UTC] jordi dot salvat dot i dot alabart at gmail dot com

Thanks a lot for diagnosing this one.

Clearly I should avoid excessive backtracking by using the likes of /([^:]+)+:/ instead of /(.+)+/.

I've filed a report for the incorrect return value in http://bugs.php.net/bug.php?id=51741

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 23:01:28 2024 UTC