Bug #76276 PCRE Segmentation fault before PHP7
Submitted: 2018-04-27 14:36 UTC Modified: 2018-04-27 14:47 UTC
From: drealecs at gmail dot com Assigned:
Status: Wont fix Package: PCRE related
PHP Version: 5.6.36 OS: Linux
Private report: No CVE-ID: None

 

 [2018-04-27 14:36 UTC] drealecs at gmail dot com
Description:
------------
There seems to be a buffer overflow in all PHP versions 4.* and 5.*
but not on PHP 7.*

Test script:
---------------
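<?php
// Build a 10000-character string of random ASCII characters in the
// range 65-122, so the subject never contains a digit.
$string = '';
for ($i = 0; $i < 10000; $i++) {
    $string .= chr(rand(65, 122));
}
echo "Calling preg_match_all()\n";
// The repeated group (\D|3)* is what crashes the non-JIT matcher.
preg_match_all('/(\D|3)*/', $string, $matches);

echo "It didn't broke php\n";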


Expected result:
----------------
Calling preg_match_all()
It didn't broke php

Actual result:
--------------
Calling preg_match_all()

Segmentation fault

 [2018-04-27 14:37 UTC] drealecs at gmail dot com
https://3v4l.org/RJt1X
 [2018-04-27 14:41 UTC] spam2 at rhsoft dot net
> There seems to be a buffer overflow in all 
> PHP version 4.* and 5.* but not on PHP 7.*

So why do you bother to write a new bug report on 2018-04-27, given that the only 2 supported versions are 7.1 and 7.2?
 [2018-04-27 14:47 UTC] nikic@php.net
-Status: Open +Status: Wont fix
 [2018-04-27 14:47 UTC] nikic@php.net
This is a classical PCRE stack overflow. PHP 7 is not affected because it uses PCRE JIT by default. The crash can still be reproduced under pcre.jit=0. On PHP 7.3 the issue has been resolved entirely as part of the upgrade to PCRE2, which moved to a non-recursive implementation of the non-JIT matcher in version 10.30.

In any case, PHP 5 is no longer supported for non-security issues and this is not a security issue.
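
For code that still runs on the recursive non-JIT matcher described in the comment above, one defensive approach is to cap pcre.recursion_limit so the match fails with a reportable error before the stack is exhausted, and to rewrite the repeated group as a character class. This is an added example, not part of the bug report or of PHP itself; safe_match_all(), the limit of 5000 and the rewritten pattern /[\D3]*/ are assumptions made for illustration.

```php
<?php
/**
 * Run preg_match_all() under a lowered pcre.recursion_limit and report
 * failures instead of ignoring them. The default of 5000 is an assumed
 * value; size it to the stack available to the PHP process.
 */
function safe_match_all($pattern, $subject, $limit = 5000)
{
    // pcre.recursion_limit can be changed at runtime; keep the old value.
    $old = ini_set('pcre.recursion_limit', (string) $limit);

    $matches = array();
    $count = preg_match_all($pattern, $subject, $matches);
    $error = preg_last_error();

    if ($old !== false) {
        ini_set('pcre.recursion_limit', $old);
    }

    // preg_match_all() returns false when the matcher aborts; the reason
    // (for example PREG_RECURSION_LIMIT_ERROR) is in preg_last_error().
    if ($count === false || $error !== PREG_NO_ERROR) {
        return array('ok' => false, 'error' => $error, 'matches' => array());
    }
    return array('ok' => true, 'error' => PREG_NO_ERROR, 'matches' => $matches);
}

// Constructed input: 10000 letters, the same length as the report's string.
$subject = str_repeat('AbCdEfGhIj', 1000);

// Pattern from the report: each iteration of the group adds a recursion
// level in the non-JIT matcher, so a long subject nests deeply.
$original = safe_match_all('/(\D|3)*/', $subject);

// Assumed rewrite: a character class accepts the same characters without a
// repeated group. It drops capture group 1, so it only suits callers that
// do not read $matches[1].
$rewritten = safe_match_all('/[\D3]*/', $subject);

foreach (array('original' => $original, 'rewritten' => $rewritten) as $name => $r) {
    printf(
        "%-9s ok=%s preg_last_error=%d recursion_limit_hit=%s\n",
        $name,
        $r['ok'] ? 'yes' : 'no',
        $r['error'],
        $r['error'] === PREG_RECURSION_LIMIT_ERROR ? 'yes' : 'no'
    );
}
```

When the pattern is executed by the PCRE JIT, the recursion limit is not consulted, so both calls succeed there; the guard matters on PHP 5 and on PHP 7 with pcre.jit=0.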
 
Last updated: Mon Aug 03 19:01:25 2020 UTC