php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #65393 SIGSEGV
Submitted: 2013-08-05 12:14 UTC Modified: 2013-08-06 05:50 UTC
From: lukyrys at gmail dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.4.17 OS: Debian 7.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2013-08-05 12:14 UTC] lukyrys at gmail dot com 
Description:
------------
Hello, i have a problem with php when i use pcre regexp ((?<!href).)


Test script:
---------------
preg_match_all('#<a.*?href="([^<>]*?)\?img_id=(\d+)"\s*>((?<!href).)*<img.*?src="(.*?)"#i',$html,$outA)

Expected result:
----------------
array 

Actual result:
--------------
Reading symbols from /usr/bin/php...(no debugging symbols found)...done.
(gdb) run /var/www/502.cz/web/nod/onny/index.php
Starting program: /usr/bin/php /var/www/502.cz/web/nod/onny/index.php
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffec495700 (LWP 12351)]
[Thread 0x7fffec495700 (LWP 12351) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00000000004811ed in ?? ()
(gdb) bt
#0  0x00000000004811ed in ?? ()
#1  0x0000000000483496 in ?? ()
#2  0x000000000048f798 in ?? ()
#3  0x0000000000483496 in ?? ()
#4  0x000000000048f798 in ?? ()
#5  0x0000000000483496 in ?? ()
.... same lines
#10900 0x0000000000483496 in ?? ()
#10901 0x000000000048fa8c in ?? ()
#10902 0x0000000000492e0c in php_pcre_exec ()
#10903 0x0000000000497ba8 in php_pcre_match_impl ()
#10904 0x0000000000498538 in ?? ()
#10905 0x000000000076a0f1 in ?? ()
#10906 0x0000000000723f87 in execute ()
#10907 0x00000000006c44dc in zend_execute_scripts ()
#10908 0x0000000000664523 in php_execute_script ()
#10909 0x000000000076ca83 in ?? ()
#10910 0x000000000043181a in ?? ()

#10911 0x00007ffff53b4ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6

#10912 0x00000000004318ad in _start ()

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-08-06 04:41 UTC] yohgaki@php.net
-Status: Open +Status: Feedback
 [2013-08-06 04:41 UTC] yohgaki@php.net 
Cannot reproduce w/o input.

php > $html = file_get_contents('http://edition.cnn.com/');                                            
php > preg_match_all('#<a.*?href="([^<>]*?)\?img_id=(\d+)"\s*>((?<!href).)*
<img.*?src="(.*?)"#i',$html,$outA);
php > var_dump($outA);
array(5) {
  [0]=>
  array(0) {
  }
  [1]=>
  array(0) {
  }
  [2]=>
  array(0) {
  }
  [3]=>
  array(0) {
  }
  [4]=>
  array(0) {
  }
}
php > 


Could you provide short self contained "complete" script that reproduce 
segfault?
 [2013-08-06 04:43 UTC] yohgaki@php.net 
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

We also needs complete backtrace. Please attach backtrace also.

https://wiki.debian.org/HowToGetABacktrace
 [2013-08-06 05:50 UTC] laruence@php.net
-Status: Feedback +Status: Not a bug
 [2013-08-06 05:50 UTC] laruence@php.net 
hi, this is obviously a stack overflow issue. no bug here.

please refer to 
http://www.php.net/manual/en/pcre.configuration.php#ini.pcre.recursion-limit
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 22:01:28 2024 UTC