php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #62049 A specific regex/input combo crashes PHP
Submitted: 2012-05-16 15:54 UTC Modified: 2012-05-16 21:30 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: arvids dot kokins at di dot lv Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.4.3 OS: Windows
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2012-05-16 15:54 UTC] arvids dot kokins at di dot lv 
Description:
------------
Test script crashes on web server (Apache 2.2.21) only with "empty response" 
(324). Suspected to be a limit/overflow problem since it works if "errorerror" is 
replaced with "error".

Test script:
---------------
<?php
echo preg_match( '/^<a(.)+class="(.)?actor-link(.)?"(.)+>Super User<\/a>/', '<a class="actor-link" href="/errorerror.lv/lv/jomsocial/42-super-user/profile">Super User</a> added 2 new photos in <a href="/errorerror.lv/lv/jomsocial/42-super-user/photos/album?albumid=1">crap</a> album' );
echo "\nFINISHED!";
?>

Expected result:
----------------
"1\nFINISHED"

Actual result:
--------------
HTTP error 324: empty response. Probably PHP crash. Apache didn't crash.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-16 19:58 UTC] nulle at gmx dot com 
Apache 2.2.9
PHP 5.3.1
Windows
Everything works fine.
 [2012-05-16 20:34 UTC] arvids dot kokins at di dot lv 
Looks like a warning is thrown with an internal error: http://codepad.org/FmlJi8N9
Some configurations need bigger input strings to trigger a crash, some react 
differently...
Got HTTP error 101 (connection was reset) at home with the word "error" repeated 
25 times.
 [2012-05-16 21:00 UTC] arvids dot kokins at di dot lv 
Another example: http://ideone.com/L29ib
If I remove the round brackets, the example works though: http://ideone.com/3ILgY
 [2012-05-16 21:30 UTC] pajoye@php.net
-Status: Open +Status: Not a bug
 [2012-05-16 21:30 UTC] pajoye@php.net 
Increase the stack of the apache binaries or use the stack configuration option in 
the apache configuration.

That's not something PHP can change. As you can see it works just fine in CLI (php 
stack size is used there).
 [2012-05-17 04:57 UTC] arvids dot kokins at di dot lv 
Thanks, it did the trick.
I'm still slightly curious about the part that caused the stack overflow though -- 
but I guess I'll have to take it up with the developers of PCRE.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Apr 24 11:01:30 2024 UTC