Bug #64094 preg_match crashes php
Submitted: 2013-01-29 11:09 UTC Modified: 2013-02-01 21:41 UTC
From: george at polarismail dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.4.11 OS: FreeBSD 8.0
Private report: No CVE-ID: None
 [2013-01-29 11:09 UTC] george at polarismail dot com
Description:
------------
We had this preg_match code running on PHP 5.3.6 and it was crashing so we updated 
to 5.4.11 and it's still crashing. We are using PCRE 8.3.2 

Test script:
---------------
$uidlist="40065,40066,40067,40068,40069,40070,40071,40072,40073,40074,40075,40076,40077,40078,40079,40080,40082,40081,40083,40084,40085,40086,40087,40088,40090,40089,40092,40093,40094,40095,40097,40153,40154,40155,40156,40157,40158,40159,40161,40160,40162,40163,40164,40165,40166,40167,40168,40170,40171,40172,40173,40174,40176,40178,40180,40181,40182,40183,40184,40185,40186,40187,40188,40189,40190,40191,40192,40193,40194,40195,40196,40198,40199,40200,40201,40202,40203,40204,40205,40206,40207,40209,40210,40211,40212,40213,40214,40215,40217,40218,40222,40223,40225,40226,40227,40228,40229,40230,40231,40232,40233,40234,40235,40237,40236,40238,40239,40240,40241,40242,40244,40245,40246,40247,40248,40249,40250,40251,40254,40252,40253,40255,40256,40257,40259,40260,40261,40262,40264,40265,40270,40271,40272,40273,40275,40263,40276,40277,40278,40279,40280,40281,40282,40283,40284,40285,40286,40287,40288,40289,40290,40291,40292,40293,40294,40295,40296,40297,40298,40299,40300,40301,40303,40304,40305,40306,40307,40308,40309,40310,40311,40312,40313,40314,40315,40316,40317,40318,40319,40320,40321,40324,40322,40323,40325,40326,40327,40329,40330,40331,40332,40333,40335,40334,40336,40337,40338,40339,40340,40341,40342,40345,40346,40347,40349,40350,40351,40352,40353,40355,40357,40358,40359,40360,40361,40362,40363,40364,40365,40366,40367,40369,40371,40372,40373,40379,40374,40375,40376,40377,40378,40380,40381,40382,40383,40384,40387,40388,40389,40390,40391,40392,40395,40396,40397,40398,40399,40400,40401,40402,40403,40404,40405,40406,40407,40408,40409,40410,40415,40413,40416,40414,40417,40418,40419,40420,40421,40423,40433,40425,40426,40427,40428,40429,40430,40431,40441,40434,40435,40436,40437,40438,40443,40439,40440,40447,40442,40444,40445,40446,40448,40450,40449,40451,40452,40453,40454,40456,40455,40458,40459,40460,40461,40462,40463,40464,40465,40466,40467,40468,40469,40470,40471,40472,40473,40474,40475,40476,40477,40478,40479,40480,40481,40482,40483,40484,40485,40486,40487,40488,40489,4049
0,40491,40492,40493,40494,40495,40496,40497,40498,40499,40500,40501,40502,40503,40504,40505,40506,40507,40508,40509,40510,40511,40512,40513,40514,40515,40516,40518,40519,40520,40521,40522,40523,40524,40525,40526,40527,40528,40529,40530,40531,40532,40533,40534,40535,40536,40537,40538,40539,40540,40541,40542,40543,40544,40545,40546,40547,40548,40549,40550,40551,40552,40553,40554,40555,40556,40557,40558,40563,40559,40560,40561,40562,40564,40565,40566,40567,40568,40569,40570,40571,40572,40573,40574,40575,40576,40577,40578,40579,40580,40581,40588,40594,40616,40626,40630,40644,40645,40646,40647,40648,40649,40650,40669,40679,40680,40681,40682,40684,40685,40691,40686,40687,40688,40690,40689,40692,40695,40696,40697,40698,40700,40702,40701,40705,40706,40707,40708,40710,40711,40716,40718,40732,40733,40734,40735,40736,40737,40738,40739,40740,40741,40742,40743,40744,40745,40746,40747,40748,40749,40750,40751,40752,40753,40754,40755,40756,40758,40762,40759,40760,40761,40763,40764,40765,40775,40776,40777,40778,40779,40780,40781,40782,40783,40784,40785,40786,40792,40794,40795,40796,40798,40799,40800,40802,40803,40804,40805,40806,40807,40808,40809,40810,40811,40812,40813,40814,40829,40821,40815,40816,40817,40818,40819,40820,40822,40823,40824,40825,40826,40827,40828,40830,40831,40833,40832,40834,40836,40835,40837,40838,40840,40841,40846,40842,40843,40844,40845,40847,40849,40853,40854,40855,40856,40857,40858,40859,40860,40861,40862,40863,40864,40865,40866,40868,40869,40870,40871,40872,40873,40874,40877,40884,40886,40889,40920,40908,40909,40910,40911,40912,40913,40914,40915,40916,40917,40919,40921,40922,40923,40924,40925,40927,40928,40929,40930,40931,40932,40933,40934,40935,40936,40937,40938,40939,40940,40941,40942,40943,40944,40945,40946,40947,40948,40949,40950,40951,40952,40953,40954,40955,40956,40957,40964,40965,40967,40969,40970,40972,40973,40975,40976,40982,40977,40978,40979,40980,40981,40983,40984,40985,40986,40987,40988,40989,40990,40991,40992,40993,40994,40995,40996,40997,40998,
40999,41000,41001,41002,41004,41005,41006,41007,41008,41010,41011,41012,41013,41018,41019,41020,41021,41022,41023,41024,41025,41026,41027,41028,41029,41031,41032,41030,41033,41034,41035,41052,41036,41042,41043,41044,41045,41046,41047,41048,41049,41050,41051,41056,41060,41057,41058,41059,41061,41062,41063,41073,41074,41075,41077,41076,41078,41081,41087,41088,41089,41090,41091,41093,41094,41095,41097,41099,41100,41101,41103,41105,41106,41107,41108,41110,41109,41111,41112,41113,41114,41115,41116,41117,41118,41119,41121,41122,41123,41124,41125,41126,41127,41128,41129,41130,41131,41133,41134,41135,41136,41139,41140,41141,41142,41143,41144,41147,41145,41146,41148,41149,41150,41151,41152,41160,41161,41163,41162,41164,41165,41166,41167,41168,41169,41170,41171,41172,41173,41174,41180,41181,41187,41188,41192,41195,41198,41199,41200,41201,41202,41204,41205,41206,41207,41208,41209,41216,41217,41218,41219,41220,41221,41222,41223,41224,41226,41227,41232,41228,41229,41230,41231,41233,41234,41235,41236,41237,41238,41239,41240,41241,41242,41243,41244,41245,41246,41247,41248,41250,41251,41252,41253,41254,41255,41256,41257,41258,41259,41260,41261,41262,41263,41264,41265,41266,41267,41270,41268,41269,41271,41272,41277,41278,41282,41283,41284,41285,41286,41287,41288,41290,41291,41292,41293,41294,41295,41296,41297,41298,41299,41300,41301,41302,41303,41305,41306,41307,41308,41309,41310,41311,41312,41313,41317,41318,41339,41341,41340,41343,41344,41348,41349,41350,41351,41352,41353,41354,41355,41356,41357,41358,41359,41360,41361,41362,41363,41365,41367,41369,41370,41371,41372,41373,41374,41380,41384,41385,41387,41388,41389,41390,41391,41392,41393,41394,41395,41396,41397,41398,41399,41400,41403,41404,41405,41406,41408,41409,41410,41412,41413,41414,41415,41416,41417,41419,41418,41420,41422,41423,41424,41425,41426,41428,41429,41430,41431,41432,41433,41434,41435,41436,41437,41438,41439,41440,41441,41442,41459,41475,41444,41467,41468,41469,41470,41471,41472,41473,41474,41476,41477,41456,41457,41
458,41460,41461,41462,41463,41464,41465,41466";


if (preg_match("/^(\d+\s*,*\s*|(\d+|\*):(\d+|\*))+$/", $uidlist)) {
        print "WIN";
}

Expected result:
----------------
it's supposed to print WIN

Actual result:
--------------
seg fault/core dump

....5000 more lines of "in match ()..."
#5551 0x0000000800bd8a90 in match () from /usr/local/lib/libpcre.so.3
#5552 0x0000000800bd6ef5 in match () from /usr/local/lib/libpcre.so.3
#5553 0x0000000800be270d in match () from /usr/local/lib/libpcre.so.3
#5554 0x0000000800bd6ef5 in match () from /usr/local/lib/libpcre.so.3
#5555 0x0000000800bd6ef5 in match () from /usr/local/lib/libpcre.so.3
#5556 0x0000000800bd2e74 in match () from /usr/local/lib/libpcre.so.3
#5557 0x0000000800be3f63 in pcre_exec () from /usr/local/lib/libpcre.so.3
#5558 0x0000000000469cfd in php_pcre_match_impl (pce=0x801acc0a0, subject=0x801875ee0 "40065,40066,40067,40068,40069,40070,40071,40072,40073,40074,40075,40076,40077,40078,40079,40080,40082,40081,40083,40084,40085,40086,40087,40088,40090,40089,40092,40093,40094,40095,40097,40153,40154,40"..., subject_len=6035, return_value=0x801855738, subpats=0x0, global=0, use_flags=0, flags=0, start_offset=0)
    at /usr/ports/lang/php5/work/php-5.4.11/ext/pcre/php_pcre.c:652
#5559 0x00000000004698b8 in php_do_pcre_match (ht=2, return_value=0x801855738, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, global=0) at /usr/ports/lang/php5/work/php-5.4.11/ext/pcre/php_pcre.c:546
#5560 0x000000000046a81b in zif_preg_match (ht=2, return_value=0x801855738, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1)
    at /usr/ports/lang/php5/work/php-5.4.11/ext/pcre/php_pcre.c:798
#5561 0x00000000006a29d0 in zend_do_fcall_common_helper_SPEC (execute_data=0x80181f0d8) at zend_vm_execute.h:642
#5562 0x00000000006aaa3b in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0x80181f0d8) at zend_vm_execute.h:2235
#5563 0x00000000006a0fb1 in execute (op_array=0x801854050) at zend_vm_execute.h:410
#5564 0x0000000000662499 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/ports/lang/php5/work/php-5.4.11/Zend/zend.c:1315
#5565 0x00000000005cb946 in php_execute_script (primary_file=0x7fffffffe870) at /usr/ports/lang/php5/work/php-5.4.11/main/main.c:2492
#5566 0x00000000007ba544 in do_cli (argc=2, argv=0x7fffffffeb30) at /usr/ports/lang/php5/work/php-5.4.11/sapi/cli/php_cli.c:988
#5567 0x00000000007bb529 in main (argc=2, argv=0x7fffffffeb30) at /usr/ports/lang/php5/work/php-5.4.11/sapi/cli/php_cli.c:1364


 [2013-02-01 00:17 UTC] felipe@php.net
-Status: Open +Status: Not a bug
 [2013-02-01 00:17 UTC] felipe@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

It isn't a PHP bug, but a PCRE known issue. Check out PCRE manpage to figure out the issue, or use the search on our bugtracker to find similar issues.
 [2013-02-01 21:38 UTC] george at polarismail dot com
I forgot to mention in my original comment - and this is what you are referring to 
- that I tried increasing the backtrack limit and recursion limit to really high 
numbers without any effect. It still crashes. If I lower them to a really small 
number - like 10 or 100 - then it doesn't crash anymore but it doesn't provide any 
output either.
 [2013-02-01 21:41 UTC] felipe@php.net
When no crash happens, check the preg_last_error() return for understanding what is happening. Anyway, this is a PCRE library issue.

Thanks.
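
The thread above turns on two things: the repeated group in the reported pattern drives match() recursion in libpcre for every element of a 6 KB subject, and preg_match() returns false (not 0) when a PCRE limit stops the match. The following is an added example, not code from the report or from PHP itself; the limit value 1000, the function names, and the stricter comma-separated grammar used by the token validator are assumptions.

```php
<?php
// Added example, not from the bug report. The limit value is an assumption
// and has to be tuned against the stack size of the PHP process.

// A low recursion limit makes PCRE abandon the match with an error code
// instead of recursing until the C stack is exhausted.
ini_set('pcre.recursion_limit', '1000');

// Run the report's pattern, keeping false (engine error) apart from
// 0 (no match) and naming the limit that was hit.
function match_uidlist_regex($uidlist)
{
    $r = preg_match('/^(\d+\s*,*\s*|(\d+|\*):(\d+|\*))+$/', $uidlist);
    if ($r === false) {
        $code = preg_last_error();
        if ($code === PREG_RECURSION_LIMIT_ERROR) return 'recursion limit hit';
        if ($code === PREG_BACKTRACK_LIMIT_ERROR) return 'backtrack limit hit';
        return "pcre error $code";
    }
    return $r === 1 ? 'match' : 'no match';
}

// Hypothetical alternative: validate token by token, so no single match
// repeats a group across the whole subject. Assumed grammar: tokens are
// separated by commas, each token is a number or a lo:hi range with '*'
// allowed on either side. This is stricter than the original pattern.
function is_valid_uidlist($uidlist)
{
    $seen = 0;
    foreach (explode(',', $uidlist) as $token) {
        $token = trim($token);
        if ($token === '') continue; // tolerate repeated or trailing commas
        if (!preg_match('/^(?:\d+|(?:\d+|\*):(?:\d+|\*))$/D', $token)) {
            return false;
        }
        $seen++;
    }
    return $seen > 0; // at least one token, like the '+' in the pattern
}

// Constructed sample input in the same shape as the report's $uidlist.
$uidlist = implode(',', range(40065, 41466));
echo match_uidlist_regex($uidlist), "\n";
var_dump(is_valid_uidlist($uidlist));
var_dump(is_valid_uidlist('40065,4x,1:*'));
```

Which branch the first call reports depends on the PCRE version and whether JIT is enabled, so the result should be read from preg_last_error() rather than assumed.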
 
Last updated: Fri May 03 10:01:31 2024 UTC