Bug #53635 Long strings causes PCRE to seg fault
Submitted: 2011-01-01 02:18 UTC Modified: 2011-01-01 02:36 UTC
From: simon at simon dot geek dot nz Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.3SVN-2011-01-01 (SVN) OS: Mac OS 10.6.5
Private report: No CVE-ID: None
 [2011-01-01 02:18 UTC] simon at simon dot geek dot nz
Description:
------------
Given certain regexes and large strings, preg_match() will recurse around 9200 
times and then seg fault. The shortest length for the string to match that I 
managed to get to reproduce the crash each time was 4596 characters. Different 
versions of the PCRE library can handle longer strings, but all versions I tested 
crashed at 7000.

I ran this solely through the CLI.

The configure command I used was: ./configure --without-pear "--prefix=$PWD" 
--enable-debug for both SVN revision 306937 and PHP 5.3.4. The version of PHP 
(5.3.3) that is included in Mac OS 10.6.5 and is linked against external PCRE 
libraries also seg faulted.

The regex I was using is #^"((\\"|[^"])+)#. Removing \\"| prevents the seg fault 
from occurring.

Test script:
---------------
http://simon.geek.nz/assets/text/a

Expected result:
----------------
Either a 0 or a 1 to be returned.

Actual result:
--------------
PHP segfaulted with a rather large (6.1 MB) backtrace.

http://simon.geek.nz/assets/text/9

 [2011-01-01 02:34 UTC] simon at simon dot geek dot nz
If needed, I can upload a script with a much longer string.
 [2011-01-01 02:36 UTC] felipe@php.net
-Status: Open +Status: Bogus
 [2011-01-01 02:36 UTC] felipe@php.net
This is a known behavior from PCRE.

See bug #51663
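
One way to turn the crash reported above into a handled error, as an added example that is not part of the original report or of PHP itself: lower PHP's `pcre.recursion_limit` ini setting before matching untrusted input and treat a `false` return as an engine failure, distinct from the 0 or 1 the reporter expected. The helper name `safe_match()`, the limit of 1000, the reading of the reported pattern as the exact text PCRE sees, and the unrolled rewrite of it are assumptions made for this example.

```php
<?php
// Added example, not from the bug report. safe_match() and the limit of
// 1000 are assumptions chosen for illustration.

// Pattern from the report, taken as the text PCRE sees: ^"((\\"|[^"])+)
const REPORTED = '#^"((\\\\"|[^"])+)#';
// Rewrite accepting the same text in group 1: runs of ordinary characters
// are consumed by a possessive character-class repeat, so the group
// iterates once per run or backslash instead of once per character.
const UNROLLED = '#^"((?:[^"\\\\]++|\\\\"?)++)#';

function safe_match($pattern, $subject, $limit = 1000)
{
    // Keep the JIT out of the picture so the interpreter's limit is the
    // one in force (the setting does not exist on PHP 5.x; harmless there).
    ini_set('pcre.jit', '0');
    $old = ini_set('pcre.recursion_limit', (string) $limit);

    $rc  = preg_match($pattern, $subject, $m);
    $err = preg_last_error();

    if ($old !== false) {
        ini_set('pcre.recursion_limit', $old);   // restore previous limit
    }
    if ($rc === false) {
        // The engine gave up: neither "match" nor "no match".
        return array(
            'status'              => 'engine_error',
            'preg_last_error'     => $err,
            'recursion_limit_hit' => $err === PREG_RECURSION_LIMIT_ERROR,
        );
    }
    return array(
        'status' => $rc === 1 ? 'match' : 'no_match',
        'length' => $rc === 1 ? strlen($m[1]) : 0,
    );
}

// Constructed input: an opening quote followed by 7000 ordinary characters,
// the length at which the reporter says every tested PCRE version crashed.
$subject = '"' . str_repeat('a', 7000);

foreach (array('reported' => REPORTED, 'unrolled' => UNROLLED) as $name => $p) {
    echo $name, ': ', json_encode(safe_match($p, $subject)), "\n";
}
```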
 
Last updated: Mon May 23 17:05:45 2022 UTC