php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #54317 Regexp crashes Apache/PHP
Submitted: 2011-03-19 16:05 UTC Modified: 2016-08-20 12:11 UTC
Votes:4
Avg. Score:3.2 ± 1.5
Reproduced:3 of 4 (75.0%)
Same Version:1 (33.3%)
Same OS:3 (100.0%)
From: christian dot achatz at adventure-php-framework Assigned: cmb (profile)
Status: Not a bug Package: PCRE related
PHP Version: 5.3.6 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2011-03-19 16:05 UTC] christian dot achatz at adventure-php-framework 
Description:
------------
---
From manual page: http://www.php.net/function.preg-replace#Description
---
Calling the script below apache crashes on windows installations. After removing almost any of the lines inside $notworking apache will NOT crash, no matter which line was removed in most cases.


Here is the system list that causes a crash or not:

Windows 7 SP1 (64bit) | XAMPP | Apache/2.2.17 (Win32) | PHP 5.3.5 | <<<<<<< CRASH!
Windows XP (32+64bit) | XAMPP | Apache 2.2.17 | PHP 5.3.5 | <<<<<<< CRASH!
WinXP 32Bit / Apache 2.2.17 / PHP 5.2.14 <<<<<<< CRASH!
Fedora 32Bit / Apache 2.2.15 / PHP 5.3.3 --> OK
Ubuntu 10.10 32Bit / Apache2 2.2.16 / PHP 5.3.3 -> OK

Test script:
---------------
<?php
echo 'Is the following crashing apache or whatever?<br />'.PHP_EOL;

// After removing almost any of the lines inside $notworking apache will NOT crash, no matter which line was removed in most cases.

$notworking = '<?php

//<*IslandStorageBase:start*> DO NOT CHANGE THIS COMMENT!
/**
* Automatically generated BaseObject for IslandStorage. !!DO NOT CHANGE THIS BASE-CLASS!!
* CHANGES WILL BE OVERWRITTEN WHEN UPDATING!!
* You can change class "IslandStorage" which will extend this base-class.
*/
class IslandStorageBase extends AbstractSimpleStorage {
}
<*IslandStorageBase:end*>
?>';

$content = preg_replace(
  '%//<\*IslandStorageBase:start\*>(.)+<\*IslandStorageBase:end\*>%s',
  'test',
  $notworking
);

echo 'If you can see this everything seems to be working fine.';

?>

Expected result:
----------------
Is the following crashing apache or whatever?
If you can see this everything seems to be working fine.

Actual result:
--------------
Apache crashes with the following log entry:

Parent: child process exited with status xyz -- Restarting.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-19 17:56 UTC] pajoye@php.net
-Status: Open +Status: Bogus
 [2011-03-19 17:56 UTC] pajoye@php.net 
Stack size problem. You can run the script through the CLI sapi to see that PHP 
actually works. However Apache has a smaller stack and causes such regexp to crash 
(or similar side effect). Increase the stack of Apache to fix this problem. Use 
Editbin for that: http://msdn.microsoft.com/en-us/library/d25ddyfc(v=VS.80).aspx
 [2011-03-19 17:56 UTC] pajoye@php.net
-Status: Bogus +Status: To be documented
 [2011-03-19 17:56 UTC] pajoye@php.net 
Maybe worth adding my last comment to the PHP manual.
 [2011-03-25 10:22 UTC] christian dot achatz at adventure-php-framework 
Thanks for your analysis. I'll try the solution described on the MSDN article.
 [2016-08-20 10:37 UTC] cmb@php.net
-Package: Regexps related +Package: PCRE related
 [2016-08-20 12:11 UTC] cmb@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2016-08-20 12:11 UTC] cmb@php.net 
The potential stack exhaustion is alread noted in the manual, see
<http://php.net/manual/en/pcre.configuration.php#ini.pcre.recursion-limit>.
More detailed information might quickly become out-dated.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 20 02:01:29 2024 UTC