|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76276 PCRE Segmentation fault before PHP7
Submitted: 2018-04-27 14:36 UTC Modified: 2018-04-27 14:47 UTC
From: drealecs at gmail dot com Assigned:
Status: Wont fix Package: PCRE related
PHP Version: 5.6.36 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
Solve the problem:
50 - 15 = ?
Subscribe to this entry?

 [2018-04-27 14:36 UTC] drealecs at gmail dot com
There seems to be a buffer overflow in all PHP version 4.* and 5.*
but not on PHP 7.*

Test script:
$string = '';
for ($i = 0; $i < 10000; $i++) {
    $string .= chr(rand(65, 122));
echo "Calling preg_match_all()\n";
preg_match_all('/(\D|3)*/', $string, $matches);

echo "It didn't broke php\n";

Expected result:
Calling preg_match_all()
It didn't broke php

Actual result:
Calling preg_match_all()

Segmentation fault


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2018-04-27 14:37 UTC] drealecs at gmail dot com
 [2018-04-27 14:41 UTC] spam2 at rhsoft dot net
> There seems to be a buffer overflow in all 
> PHP version 4.* and 5.* but not on PHP 7.*

so why do you bother to write a new bugreport at 2018-04-27 given that the only 2 supported versions are 7.1 and 7.2?
 [2018-04-27 14:47 UTC]
-Status: Open +Status: Wont fix
 [2018-04-27 14:47 UTC]
This is a classical PCRE stack overflow. PHP 7 is not affected because it uses PCRE JIT by default. The crash can still be reproduced under pcre.jit=0. On PHP 7.3 the issue has been resolved entirely as part of the upgrade to PCRE2, which moved to a non-recursive implementation of the non-JIT matcher in version 10.30.

In any case, PHP 5 is no longer supported for non-security issues and this is not a security issue.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Jan 20 03:03:35 2022 UTC