|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76270 regex-related functions crash instead of triggering memory-limit error
Submitted: 2018-04-25 17:02 UTC Modified: 2018-07-27 20:52 UTC
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: teo8976 at gmail dot com Assigned: nikic (profile)
Status: Closed Package: Reproducible crash
PHP Version: 5.6.35 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: teo8976 at gmail dot com
New email:
PHP Version: OS:


 [2018-04-25 17:02 UTC] teo8976 at gmail dot com
When memory usage exceeds the memory limit during the execution of regular-expression related functions (such as preg_replace, preg_replace_callback, etc), instead of triggering the error that you would normally get when exceeding the memory limit, php execution is simply abruptly aborted (it crashes?) and produces empty output, regardless of whether you have display_errors set to true and/or have set an error handler.

Test script:

ini_set('memory_limit', $some_low_limit);

$s="a huge string (not big enough to exceed the memory limit itself";

 function($match) { return whatever; },

Expected result:
Should trigger the memory-limit error in the same way as when you exceed the memory limit without regular expressions.
With display_errors set to true, you should see an error message

Actual result:
crashes and produces a f*****g blank page, even if display_errors is set to true, and you have no way of debugging what the f**k is going on. Took me ages to narrow it down to regular expressions.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-07-27 20:52 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2018-07-27 20:52 UTC]
This was mostly fixed in PHP 7, which enables PCRE JIT by default. In PHP 7.3 the issue is fully fixed with the update to PCRE2 (in particular including the rewrite of the non-JIT matcher to be non-recursive in version 10.30.)
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Feb 08 02:05:49 2023 UTC