php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76270 regex-related functions crash instead of triggering memory-limit error
Submitted: 2018-04-25 17:02 UTC Modified: 2018-07-27 20:52 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: teo8976 at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.6.35 OS:
Private report: No CVE-ID: None
 [2018-04-25 17:02 UTC] teo8976 at gmail dot com
Description:
------------
When memory usage exceeds the memory limit during the execution of regular-expression related functions (such as preg_replace, preg_replace_callback, etc), instead of triggering the error that you would normally get when exceeding the memory limit, php execution is simply abruptly aborted (it crashes?) and produces empty output, regardless of whether you have display_errors set to true and/or have set an error handler.


Test script:
---------------
// PSEUDOCODE

ini_set('memory_limit', $some_low_limit);

$s="a huge string (not big enough to exceed the memory limit itself";

preg_replace_callback(
 "/some_complex_regex_with_a_lot_of_matches/",
 function($match) { return whatever; },
 $s
);

Expected result:
----------------
Should trigger the memory-limit error in the same way as when you exceed the memory limit without regular expressions.
With display_errors set to true, you should see an error message

Actual result:
--------------
crashes and produces a f*****g blank page, even if display_errors is set to true, and you have no way of debugging what the f**k is going on. Took me ages to narrow it down to regular expressions.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-07-27 20:52 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2018-07-27 20:52 UTC] nikic@php.net
This was mostly fixed in PHP 7, which enables PCRE JIT by default. In PHP 7.3 the issue is fully fixed with the update to PCRE2 (in particular including the rewrite of the non-JIT matcher to be non-recursive in version 10.30.)
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Feb 01 07:05:52 2023 UTC