[2012-03-01 00:41 UTC] felipe@php.net
-Status: Open
+Status: Not a bug
[2012-03-01 00:41 UTC] felipe@php.net
[2012-03-01 07:12 UTC] pajoye@php.net
Description:
------------
stack overflow in php5ts.dll

Unhandled exception at 0x60b7b0b3 (php5ts.dll) in httpd.exe: 0xC00000FD: Stack overflow.

module: php5ts.dll
affected php versions: 5.3.8/5.3.9/5.3.10 (win32)
src: ./ext/pcre/php_pcre.c:497
     ./ext/pcre/pcre_exec.c:649 (position on stack overflow, random since this is a stack overflow)

Btw, yes, I know I can set pcre.recursion_limit. This might fix the symptoms but not the problem. PHP crashes even with pcre.recursion_limit=650. For example, other projects do not crash on maxed-out recursions...

Regards,
Martin

-------------
Call Stack:
-----------
...
php5ts.dll!match() repeated until stack exhausted
....
php5ts.dll!match(const unsigned char * eptr=0x04d6e66f, const unsigned char * ecode=0x02705ca0, const unsigned char * mstart=0x04d6e66f, const unsigned char * markptr=0x00000000, int offset_top=0x00000004, match_data * md=0x0230f914, unsigned long ims=0x00000005, eptrblock * eptrb=0x00000000, int flags=0x00000000, unsigned int rdepth=0x00000001) Line 1515 + 0x2f bytes C
php5ts.dll!match(const unsigned char * eptr=0x04d6e66f, const unsigned char * ecode=0x02705c98, const unsigned char * mstart=0x04d6e66f, const unsigned char * markptr=0x00000000, int offset_top=0x00000002, match_data * md=0x0230f914, unsigned long ims=0x00000005, eptrblock * eptrb=0x00000000, int flags=0x00000000, unsigned int rdepth=0x00000000) Line 834 + 0x40 bytes C
php5ts.dll!php_pcre_exec(const real_pcre * argument_re=0x02705c70, const pcre_extra * extra_data=0x0230fa5c, const char * subject=0x04d6e5f0, int length=0x00000467, int start_offset=0x00000000, int options=0x00000000, int * offsets=0x04d6eb10, int offsetcount=0x0000000c) Line 6099 + 0x3f bytes C
php5ts.dll!php_pcre_match_impl(pcre_cache_entry * pce=0x04f79918, char * subject=0x04d6e5f0, int subject_len=0x00000467, _zval_struct * return_value=0x04d6eaa0, _zval_struct * subpats=0x04d6ea80, int global=0x00000000, int use_flags=0x00000000, long flags=0x00000000, long start_offset=0x00000000, void * * * tsrm_ls=0x0278ca60) Line 629 C
php5ts.dll!php_do_pcre_match(int ht=0x00000003, _zval_struct * return_value=0x00000000, _zval_struct * * return_value_ptr=0x60b72db7, _zval_struct * this_ptr=0x60b72db7, int return_value_used=0x60b72db7, void * * * tsrm_ls=0x00000000, int global=0x00000000) Line 520 + 0x2b bytes C
php5ts.dll!zif_preg_match(int ht=0x00000003, _zval_struct * return_value=0x04d6eaa0, _zval_struct * * return_value_ptr=0x00000000, _zval_struct * this_ptr=0x00000000, int return_value_used=0x00000001, void * * * tsrm_ls=0x0278ca60) Line 771 + 0x17 bytes C
php5ts.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data=0x04da0080, void * * * tsrm_ls=0x0278ca00) Line 320 + 0x41 bytes C
php5ts.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data=0x00000000, void * * * tsrm_ls=0x00000000) Line 1640 + 0xe bytes C
php5ts.dll!execute(_zend_op_array * op_array=0x04d6dca0, void * * * tsrm_ls=0x0278ca00) Line 107 + 0xa bytes C
php5ts.dll!zend_execute_scripts(int type=0x00000008, void * * * tsrm_ls=0x0278ca60, _zval_struct * * retval=0x00000000, int file_count=0x00000003, ...) Line 1237 C
php5ts.dll!php_execute_script(_zend_file_handle * primary_file=0x0230fe44, void * * * tsrm_ls=0x0278ca60) Line 2308 + 0x12 bytes C
php5apache2_2.dll!php_handler(request_rec * r=0x01f77130) Line 669 + 0xe bytes C
libhttpd.dll!6ff02515()
....

System infos (this is from php 5.3.8, same behavior in 5.3.10): ------------- System Windows NT xx6.0 build 6002 (Windows Vista Business Edition Service Pack 2) i586 Architecture x86 Configure Command cscript /nologo configure.js "--enable-snapshot-build" "--disable-isapi" "--enable-debug-pack" "--disable-isapi" "--without-mssql" "--without-pdo-mssql" "--without-pi3web" "--with-pdo-oci=D:\php-sdk\oracle\instantclient10\sdk,shared" "--with-oci8=D:\php-sdk\oracle\instantclient10\sdk,shared" "--with-oci8-11g=D:\php-sdk\oracle\instantclient11\sdk,shared" "--enable-object-out-dir=../obj/" "--enable-com-dotnet" "--with-mcrypt=static" "--disable-static-analyze" Apache Version Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 pcre PCRE (Perl Compatible Regular Expressions) Support enabled PCRE Library Version 8.12 2011-01-15 Test script: --------------- <?php $data= 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"praeparari"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApraeparariAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA'; //+1A to crash => 10.494~
print_r (preg_match("/(\"praeparari\")(.)*(\.)/ixs",$data)); //crash
print_r (preg_match("/(.)*/ixs",$data)); //crash
?>

Expected result:
----------------
no crash.

Actual result:
--------------
httpd worker crashes due to crash in php5ts
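
Added example (not part of the original report or of PHP's own code): a defensive wrapper that lowers the PCRE limits for one call and reports a limit hit separately from "no match", run on the report's first pattern and on a rewrite that keeps the capturing group out of the repeat. The function name bounded_preg_match(), the limit values and the input are assumptions constructed for illustration; the code uses PHP 7+ syntax, and a recursion limit only protects the process when it is small enough for the stack the thread actually has.

```php
<?php
// Added example, not from the report. bounded_preg_match() and the limit
// values are hypothetical; size the limits to the stack your threads have.
function bounded_preg_match(string $pattern, string $subject,
                            int $recursion = 500, int $backtrack = 100000): array
{
    $limits = ['pcre.recursion_limit' => $recursion, 'pcre.backtrack_limit' => $backtrack];
    $saved = [];
    foreach ($limits as $key => $value) {
        $saved[$key] = ini_get($key);
        ini_set($key, (string) $value);
    }

    $result = preg_match($pattern, $subject);
    $code = preg_last_error();           // read before any other preg_* call

    foreach ($saved as $key => $value) {
        ini_set($key, $value);           // restore the caller's settings
    }

    $reasons = [
        PREG_NO_ERROR              => 'ok',
        PREG_INTERNAL_ERROR        => 'internal error',
        PREG_BACKTRACK_LIMIT_ERROR => 'backtrack limit hit',
        PREG_RECURSION_LIMIT_ERROR => 'recursion limit hit',
        PREG_JIT_STACKLIMIT_ERROR  => 'JIT stack limit hit',
    ];
    // false means the engine gave up, which is not the same as "no match" (0).
    return [
        'matched' => $result === 1,
        'aborted' => $result === false,
        'reason'  => $reasons[$code] ?? "PCRE error $code",
    ];
}

// Constructed input with the same shape as the report's $data.
$data = str_repeat('A', 2000) . '"praeparari"' . str_repeat('A', 2000) . '.';

$patterns = [
    'report, capture inside repeat' => '/("praeparari")(.)*(\.)/ixs',
    'rewrite, no capture in repeat' => '/("praeparari").*(\.)/ixs',
];
foreach ($patterns as $label => $pattern) {
    $r = bounded_preg_match($pattern, $data);
    printf("%-30s matched=%s aborted=%s reason=%s\n", $label,
        var_export($r['matched'], true), var_export($r['aborted'], true), $r['reason']);
}
```

The rewrite is only a drop-in replacement when the value captured by (.) is not used. With PCRE JIT enabled the recursion limit is not consulted, so the JIT stack-limit error is the one to expect there.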