PHP :: Bug #62876 :: Stack Overflow on preg

Bug #62876	Stack Overflow on preg_replace
Submitted:	2012-08-20 21:04 UTC	Modified:	2012-08-20 22:34 UTC
From:	lart2150 at gmail dot com	Assigned:
Status:	Not a bug	Package:	PCRE related
PHP Version:	Irrelevant	OS:	Windows/Linux/OSX
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2012-08-20 21:04 UTC] lart2150 at gmail dot com

Description:
------------
When I run the test script php crashes.  I have this issue with cli 5.3.10, 5.3.16, and the 5.4 snapshot from the 15th on windows(I can't find a newer snapshot for windows).  I have also reproduced this under mod_php and cli builds from zend server and from apple stock 10.7.

Test script:
---------------
<?php
$sql = "SELECT count(*) AS `count`, GROUP_CONCAT(error_log_id) AS `ids` FROM `error_log` WHERE (error_log_date BETWEEN DATE_SUB(NOW(), INTERVAL '15' MINUTE) AND NOW()) AND (error_log_msg_short = 'Cannot retrieve metadata for IdP \'http://10.246.220.59/saml2/idp/metadata.php\' because it isn\'t a valid IdP for this SP.') AND (error_log_request = 'array (\n  \'controller\' =&gt; \'saml\',\n  \'action\' =&gt; \'acs\',\n  \'source\' =&gt; \'optumsaml\',\n  \'module\' =&gt; \'default\',\n  \'SAMLResponse\' =&gt; \'+PHNhbWw6SXNzdWVyPmh0dHA6Ly8xMC4yNDYuMjIwLjU5L3NhbWwyL2lkcC9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgogIDxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng0NDdhYTI0Yy1iMTEzLTY5ZjUtYzVjMi03YWNiYzMwZjA2MTgiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPnVJdk5rbmhCZzJHK3pCWnJObVJlZ0NicVp3cz08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+T1FuSnBCMmwweWtxRjdmekJvZU9CakRMaVByNHJ3aFlsUTBQQkFhUm9Od21EU0xPRjA5TEJ5NjFGb2ZqbkIwN1IybXF6aEFYbEZnZ0xNMVl3dzRFV21YNWdOcmZYeVhkVkNqdWQwT3F2MFJxRjBtTWFRWDd0Mm9qVkdwK1N6OFhlcjNweFV0K1FocjhyOVg4M0xOekYxZW1kOEg4MTdST2M1aWh2MjJNWXFDK3BzTEh2TVNodzBTY2ptZ3B3VGJ6RkIxK1RkMDJodVBSbFV3MjY4UkpoRkI5VWR2QUVzc3BFQ0NFUlB4cnRnVTBNNzNiSDZkd2Z1Q0VQb3pPbDF2akpra2RMOFNGd3JkZlRBekJ6OUU3TThvU0xRQ2FiZWxZTVpNa1ViQTB5WGpXdHdiS2tVcW1uemdBRkYwaFBzVzNrZldJWmd1NW00TkZtdVowenJwdWJnPT08L2RzOlNpZ25hdHVyZVZhbHVlPgo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlFVGpDQ0F6YWdBd0lCQWdJSkFNdVFubko3NTN2Yk1BMEdDU3FHU0liM0RRRUJCUVVBTUhjeEN6QUpCZ05WQkFZVEFsVlRNUkl3RUFZRFZRUUlFd2xOYVc1dVpYTnZkR0V4RVRBUEJnTlZCQWNUQ0ZCc2VXMXZkWFJvTVJzd0dRWURWUVFLRXhKVmJtbDBaV1JJWldGc2RHZ2dSM0p2ZFhBeEREQUtCZ05WQkFzVEExVklWREVXTUJRR0ExVUVBeE1OTVRBdU1qUTJMakl5TUM0MU9UQWVGdzB4TWpBNE1UY3lNRE0xTURGYUZ3MHlNakE0TVRjeU1ETTFNREZhTUhjeEN6QUpCZ05WQkFZVEFsVlRNUkl3RUFZRFZRUUlFd2xOYVc1dVpYTnZkR0V4RVRBUEJnTlZCQWNUQ0ZCc2VXMXZkWFJvTVJzd0dRWURWUVFLRXhKVmJtbDBaV1JJWldGc2RHZ2dSM0p2ZFhBeEREQUtCZ05WQkFzVEExVklWREVXTUJRR0ExVUVBeE1OTVRBdU1qUTJMakl5TUM0MU9UQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU5lR1pVZXBnazRhZDBpcHhqTG5sOFJZOXNQblRWTjg3MThMaEVnZDA2bURjOU9aUmJVNlErWHV4UzVrMzBCbHFzOWVzZmpZWCsyalV6Zk9sZFlWYXBieWlzVnJ4emNRcHBsOW9pUjNEYVVZRVdmVzFoOEQ4TW56eTh0Q0dudkkrci9zSFVqSVI2U3pIMzZEZUtvWXhhdU9RdCtXN0xMWjFKOFJZM2daRW0xTWQzNHI5TStscmRrbW0rVmYya3JpNitLRGs3MmlVR1lDZ2hHT0FXc1Z2Yi9rNk9EcHRFUkp2R1VNVU5nT2YyWU4yZm53SFF4OXVjaHNiYzVuaVBtM2xBK0l0LzlUSTJRbExYdEdkM3dyczlzMWdSV2x6WVhXeDhmMG9xcnp1dDdOdCtNTnQzc2lYSnhXNGxpUFdPMno3U0xCNmdlSVFZeVp1T0ZVdTU3L2xIOENBd0VBQWFPQjNEQ0IyVEFkQmdOVkhRNEVGZ1FVNW4zQ2dDQ2V2TFdkNHc4MFh1RC9LNkZBeGswd2dha0dBMVVkSXdTQm9UQ0Jub0FVNW4zQ2dDQ2V2TFdkNHc4MFh1RC9LNkZBeGsyaGU2UjVNSGN4Q3pBSkJnTlZCQVlUQWxWVE1SSXdFQVlEVlFRSUV3bE5hVzV1WlhOdmRHRXhFVEFQQmdOVkJBY1RDRkJzZVcxdmRYUm9NUnN3R1FZRFZRUUtFeEpWYm1sMFpXUklaV0ZzZEdnZ1IzSnZkWEF4RERBS0JnTlZCQXNUQTFWSVZERVdNQlFHQTFVRUF4TU5NVEF1TWpRMkxqSXlNQzQxT1lJSkFNdVFubko3NTN2Yk1Bd0dBMVVkRXdRRk1BTUJBZjh3RFFZSktvWklodmNOQVFFRkJRQURnZ0VCQUEvcjB1OGFoUjFSSnY5TVkzR2pFZTNzeTluTVdkaHpmWlRKSEZRejc3aTA0VVNvc01pRlVrWEF3WG1ibTdjTyt1NFNiNmxKNjFsZm9RbkRuTEc5TXJ6aWwxK0lNSVE3NUgxTE9UalkzL0oxTERRQ3c3SDNlM2ZRZWhhNnhsRHZsN0hSeGpQWlhydXg2ODBjSmtiaDF3b3hCTnAzc3d2cTJOVzhxR3k1bGRSNlpIU0ExM0drOTdZR3ltR3hLc0hwNC9KejY2a1VNYlNDbmdVYUw5cFNUTUZNU2dpK01KeUtXQWdZM09QckxpcWFEZFVrYSt5djFibjYrNFNvVE5kbEU4cjFuZ3lwMUlTQkQva3NCeGdsaWNvRDNTdUVJU3VPc0x4OFBkTEg2UVRvbzBreGVyZGcxeXRTc3NUVUROMXJFK3NmbGptUkk3em1ER3gwVjJDNzZodz08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24geG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0icGZ4MGE5ZjNhZDUtZWI0Mi00ODdkLTUyYzQtNzk5NzIyNDIwNDBhIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxMi0wOC0xN1QyMTowNToyOFoiPjxzYW1sOklzc3Vlcj5odHRwOi8vMTAuMjQ2LjIyMC41OS9zYW1sMi9pZHAvbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPgogICAgPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIvPgogIDxkczpSZWZlcmVuY2UgVVJJPSIjcGZ4MGE5ZjNhZDUtZWI0Mi00ODdkLTUyYzQtNzk5NzIyNDIwNDBhIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT42UHJoVnRaRXk5aGFpN2p3NjNlZ1BSRGFBaWs9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPlp2VDN6dk5vd1dUVGNLMlBpKzQ2VjNUblRsWmlyaXpNdE5KYmZuejlHSFdEbzMxb1c4YlVnVDZvZXFCcXFlN3RGTFFDWjRoY1ZiT1g4SGFjSkhncXpVNUFZN2hmSnMxOWE3ek9hdVN0U1ZCSmNZdUJHNStBYlN1a3JXK3FVV0x2bkdEb1BEYlhMTnkvNU5WcXlLVXpnOGNVRnJwM2xWcEhYRnpQVisxcmhQdzhuYzFNUHhTYXhwZ2xRVE9zeG5sWjl1YTdrNWlWQVpJZUxMM0Q3MTIvVjRJNWJ5THVwMlZzbnM5WUpTOVB3a3FoZFJrWVhWRkdHa3RyZ3NjWE5jWE85djVuQ21jTGhOdktHMGp5bVhWWXlNeE5zNW5FamsyYTU4dHZxcm84b3JidnFyeUxycndLRmNlemlwZGluUmY5TFJ2ekdlWjJ4UHpEb0VCd0RTdDB6UT09PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJRVRqQ0NBemFnQXdJQkFnSUpBTXVRbm5KNzUzdmJNQTBHQ1NxR1NJYjNEUUVCQlFVQU1IY3hDekFKQmdOVkJBWVRBbFZUTVJJd0VBWURWUVFJRXdsTmFXNXVaWE52ZEdFeEVUQVBCZ05WQkFjVENGQnNlVzF2ZFhSb01Sc3dHUVlEVlFRS0V4SlZibWwwWldSSVpXRnNkR2dnUjNKdmRYQXhEREFLQmdOVkJBc1RBMVZJVkRFV01CUUdBMVVFQXhNTk1UQXVNalEyTGpJeU1DNDFPVEFlRncweE1qQTRNVGN5TURNMU1ERmFGdzB5TWpBNE1UY3lNRE0xTURGYU1IY3hDekFKQmdOVkJBWVRBbFZUTVJJd0VBWURWUVFJRXdsTmFXNXVaWE52ZEdFeEVUQVBCZ05WQkFjVENGQnNlVzF2ZFhSb01Sc3dHUVlEVlFRS0V4SlZibWwwWldSSVpXRnNkR2dnUjNKdmRYQXhEREFLQmdOVkJBc1RBMVZJVkRFV01CUUdBMVVFQXhNTk1UQXVNalEyTGpJeU1DNDFPVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOZUdaVWVwZ2s0YWQwaXB4akxubDhSWTlzUG5UVk44NzE4TGhFZ2QwNm1EYzlPWlJiVTZRK1h1eFM1azMwQmxxczllc2ZqWVgrMmpVemZPbGRZVmFwYnlpc1ZyeHpjUXBwbDlvaVIzRGFVWUVXZlcxaDhEOE1uenk4dENHbnZJK3Ivc0hVaklSNlN6SDM2RGVLb1l4YXVPUXQrVzdMTFoxSjhSWTNnWkVtMU1kMzRyOU0rbHJka21tK1ZmMmtyaTYrS0RrNzJpVUdZQ2doR09BV3NWdmIvazZPRHB0RVJKdkdVTVVOZ09mMllOMmZud0hReDl1Y2hzYmM1bmlQbTNsQStJdC85VEkyUWxMWHRHZDN3cnM5czFnUldsellYV3g4ZjBvcXJ6dXQ3TnQrTU50M3NpWEp4VzRsaVBXTzJ6N1NMQjZnZUlRWXladU9GVXU1Ny9sSDhDQXdFQUFhT0IzRENCMlRBZEJnTlZIUTRFRmdRVTVuM0NnQ0NldkxXZDR3ODBYdUQvSzZGQXhrMHdnYWtHQTFVZEl3U0JvVENCbm9BVTVuM0NnQ0NldkxXZDR3ODBYdUQvSzZGQXhrMmhlNlI1TUhjeEN6QUpCZ05WQkFZVEFsVlRNUkl3RUFZRFZRUUlFd2xOYVc1dVpYTnZkR0V4RVRBUEJnTlZCQWNUQ0ZCc2VXMXZkWFJvTVJzd0dRWURWUVFLRXhKVmJtbDBaV1JJWldGc2RHZ2dSM0p2ZFhBeEREQUtCZ05WQkFzVEExVklWREVXTUJRR0ExVUVBeE1OTVRBdU1qUTJMakl5TUM0MU9ZSUpBTXVRbm5KNzUzdmJNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFBL3IwdThhaFIxUkp2OU1ZM0dqRWUzc3k5bk1XZGh6ZlpUSkhGUXo3N2kwNFVTb3NNaUZVa1hBd1htYm03Y08rdTRTYjZsSjYxbGZvUW5EbkxHOU1yemlsMStJTUlRNzVIMUxPVGpZMy9KMUxEUUN3N0gzZTNmUWVoYTZ4bER2bDdIUnhqUFpYcnV4NjgwY0prYmgxd294Qk5wM3N3dnEyTlc4cUd5NWxkUjZaSFNBMTNHazk3WUd5bUd4S3NIcDQvSno2NmtVTWJTQ25nVWFMOXBTVE1GTVNnaStNSnlLV0FnWTNPUHJMaXFhRGRVa2EreXYxYm42KzRTb1ROZGxFOHIxbmd5cDFJU0JEL2tzQnhnbGljb0QzU3VFSVN1T3NMeDhQZExINlFUb28wa3hlcmRnMXl0U3NzVFVETjFyRStzZmxqbVJJN3ptREd4MFYyQzc2aHc9PC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQgU1BOYW1lUXVhbGlmaWVyPSJodHRwczovL2Rldi53ZWxsbmVzcy1pbmMuY29tL3NhbWwvbWV0YWRhdGEvc291cmNlL29wdHVtc2FtbCIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiPl9iMDFjZjVkMjYxMDI3ZDc0NGQ5Zjk5MzIxNDlmMmE5ZjE0ZmI4ZmY3MDk8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMTItMDgtMTdUMjE6MTA6MjhaIiBSZWNpcGllbnQ9Imh0dHBzOi8vZGV2LndlbGxuZXNzLWluYy5jb20vc2FtbC9hY3Mvc291cmNlL29wdHVtc2FtbCIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEyLTA4LTE3VDIxOjA0OjU4WiIgTm90T25PckFmdGVyPSIyMDEyLTA4LTE3VDIxOjEwOjI4WiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL2Rldi53ZWxsbmVzcy1pbmMuY29tL3NhbWwvbWV0YWRhdGEvc291cmNlL29wdHVtc2FtbDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMTItMDgtMTdUMjA6MzE6MzZaIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDEyLTA4LTE4VDA1OjA1OjI4WiIgU2Vzc2lvbkluZGV4PSJfNWM2ZjZmMWY5NjgzM2I2ODhiZTgxZjFjMmI4OWRhMDRlOWVhMDUxZmQ1Ij48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJQYXJlbnRDb21wYW55SUQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5DbzI0Mjc5PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9IkZpcnN0TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFydGh1cjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJMYXN0TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPkhvZ2FydGg8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iRE9CIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+MTk1MS0wMS0xNjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJFbXBsb3llZUlEIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+\',\n)') LIMIT 1";
$match = "/'(\'|\\{2}|[^'])*'/";
$sql = preg_replace($match, '', $sql);



Expected result:
----------------
I expect php to return with out any output or crashing.

Actual result:
--------------
segmentation fault I'm including the backtrack from windows(stack overflow).
raw mht is at http://files.bengert.xanthos.soliantconsulting.com/CrashHang_Report__Date_08_20_2012__Time_03_28_13PM__753.mht

PHP5!MATCH+29In php__PID__9988__Date__08_20_2012__Time_03_27_35PM__616__Second_Chance_Exception_C00000FD.dmp the assembly instruction at php5!match+29 in c:\php-5.4-snapshot\php5.dll from The PHP Group has caused a stack overflow exception (0xC00000FD) when trying to write to memory location 0x00aa2f44 on thread 0


Image Name: c:\php-5.4-snapshot\php5.dll   
Symbol Type:  PDB 
Base address: 0x00905a4d   
Time Stamp:  Tue Aug 14 18:41:14 2012  
Checksum: 0x00000000   
Comments:   
COM DLL: False   
Company Name:  The PHP Group 
ISAPIExtension: False   
File Description:  PHP Script Interpreter 
ISAPIFilter: False   
File Version:  5.4.5-dev 
Managed DLL: False   
Internal Name:  PHP Script Interpreter 
VB DLL: False   
Legal Copyright:  Copyright © 1997-2010 The PHP Group 
Loaded Image Name:  php5.dll   
Legal Trademarks:  PHP 
Mapped Image Name:     
Original filename:  php5.dll 
Module name:  php5   
Private Build:   
Single Threaded:  False   
Product Name:  PHP 
Module Size:  5.79 MBytes   
Product Version:  5.4.5-dev 
Symbol File Name:  c:\php-5.4-snapshot\php5.pdb   
Special Build:  &

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-08-20 21:39 UTC] lart2150 at gmail dot com

This might be a issue with one of the more recent changes to php as http://3v4l.org/3cm5f shows that with a smaller string for $sql (wont let me use the full thing) php crashes for "5.3.10 - 5.3.16, 5.4.1 - 5.4.6" but works fine for "4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.9, 5.4.0"

[2012-08-20 22:17 UTC] jbury at soliantconsulting dot com

I think this might be a case of a pathological regular expression.  I tried 
converting the grouping parentheses to non-grouping, and it seems to have helped 
the regular expression complete matching on later versions of PHP, although it 
still fails on some older versions.

<?php

$sql = "'" . str_repeat('a', 10*1024);
$match = "/'(\'|\\{2}|[^'])*'/";
$sql = preg_replace($match, '', $sql);
var_dump($sql);

[2012-08-20 22:21 UTC] jbury at soliantconsulting dot com

This version with non-grouping parentheses works on later versions of PHP:

<?php

$sql = "'" . str_repeat('a', 10*1024);
$match = "/'(?:\'|\\{2}|[^'])*'/";
$sql = preg_replace($match, '', $sql);
var_dump($sql);

[2012-08-20 22:34 UTC] felipe@php.net

-Status: Open +Status: Not a bug

[2012-08-20 22:34 UTC] felipe@php.net

Stack overflow related to PCRE are known issues, it isn't a PHP issue.

Thanks.

[2012-08-20 22:34 UTC] felipe@php.net

-Package: Regexps related +Package: PCRE related

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Wed Nov 29 02:01:27 2023 UTC