php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53635 Long strings causes PCRE to seg fault
Submitted: 2011-01-01 02:18 UTC Modified: 2011-01-01 02:36 UTC
From: simon at simon dot geek dot nz Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.3SVN-2011-01-01 (SVN) OS: Mac OS 10.6.5
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
46 - 43 = ?
Subscribe to this entry?

 
 [2011-01-01 02:18 UTC] simon at simon dot geek dot nz
Description:
------------
Given certain regexs and large strings, preg_match() will recurse around 9200 
times and then seg fault. The shortest length for the string to match that I 
managed to get that reproduce the crash each time was 4596 characters. Different 
versions of the PCRE library can handle longer strings, but all versions I tested 
crashed at 7000.

I ran this solely through the CLI.

The configure command I used was: ./configure --without-pear "--prefix=$PWD" --
enable-debug for both SVN revision 306937 and PHP 5.3.4. The version of PHP 
(5.3.3) that is included in Mac OS 10.6.5 and is linked against external PCRE 
libraries also seg faulted.

The regex I was using is #^"((\\"|[^"])+)#. Removing \\"| prevents the seg fault 
from occurring.

Test script:
---------------
http://simon.geek.nz/assets/text/a

Expected result:
----------------
Either a 0 or a 1 to be returned.

Actual result:
--------------
PHP segfaulted with a rather large (6.1 MB) backtrace.

http://simon.geek.nz/assets/text/9

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-01 02:34 UTC] simon at simon dot geek dot nz
If needed, I can upload a script with a much longer string.
 [2011-01-01 02:36 UTC] felipe@php.net
-Status: Open +Status: Bogus
 [2011-01-01 02:36 UTC] felipe@php.net
This is a known behavior from PCRE.

See bug #51663
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue Jul 05 13:05:46 2022 UTC