Bug #76640 stack-overflow in match (ext/pcre/pcrelib/pcre_exec.c)
Submitted: 2018-07-18 18:02 UTC
Modified: 2018-07-18 18:28 UTC
From: geeknik at protonmail dot ch
Assigned:
Status: Not a bug
Package: PCRE related
PHP Version: 7.2.7
OS: Debian 9 x64
Private report: No
CVE-ID: None
 [2018-07-18 18:02 UTC] geeknik at protonmail dot ch
Description:
------------
./php-727 -r '$foo = "1HnyFwSJDjWFexD7oRr4HGTFwD8N6NsrfX"; $pattern = "[((?:(?(?<!):a?)+a?)+|\1)\8\C]u"; preg_match($pattern, $foo, $matches, PREG_OFFSET_CAPTURE, 3); print_r($matches);'

Increasing ulimit -s from the default of 8192 to 156275 seems to make this go away on a consistent basis. 

Expected result:
----------------
No crash.

Actual result:
--------------
==28465==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc87ca4ff8 (pc 0x0000006032f1 bp 0x7ffc87ca53c0 sp 0x7ffc87ca4fe0 T0)
    #0 0x6032f0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:516
    #1 0x60630b in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:1612:7
    #2 0x60a657 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:1388:7
    #3 0x62c3d0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:2061:7
    #4 0x62c3d0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:2061:7
    **SNIP**
    #244 0x62c3d0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:2061:7
    #245 0x62c3d0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:2061:7
    #246 0x62c3d0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:2061:7
    #247 0x62c3d0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:2061:7
    #248 0x62c3d0 in match /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:2061:7

SUMMARY: AddressSanitizer: stack-overflow /root/php-7.2.7/ext/pcre/pcrelib/pcre_exec.c:516 in match
==28465==ABORTING

 [2018-07-18 18:28 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2018-07-18 18:28 UTC] requinix@php.net
Lower your pcre.recursion_limit.
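
One way to apply the suggestion above, as an added example that is not code from the report or from PHP itself: derive `pcre.recursion_limit` from the stack size and check `preg_last_error()` so a limit hit is reported instead of crashing the process. `ASSUMED_FRAME_BYTES`, `recursionLimitForStack()` and `guardedPregMatch()` are hypothetical names, and the per-frame figure is an assumption to be measured on the actual build.

```php
<?php
// Added example; not code from the bug report or from php-src.
// ASSUMPTION: average stack bytes used per PCRE match() frame. Measure on your own build.
const ASSUMED_FRAME_BYTES = 1024;

/** Derive a pcre.recursion_limit that fits inside a share of the process stack. */
function recursionLimitForStack(int $stackKiB, float $share = 0.5): int
{
    return max(1, (int) floor($stackKiB * 1024 * $share / ASSUMED_FRAME_BYTES));
}

/**
 * Run preg_match() under a lowered recursion limit and report a limit hit
 * as an exception instead of a bare false that callers tend to ignore.
 */
function guardedPregMatch(string $pattern, string $subject, int $stackKiB = 8192): array
{
    $previous = ini_set('pcre.recursion_limit', (string) recursionLimitForStack($stackKiB));
    try {
        $result = preg_match($pattern, $subject, $matches);
        $error  = preg_last_error();
    } finally {
        if ($previous !== false) {
            ini_set('pcre.recursion_limit', $previous); // restore the caller's setting
        }
    }
    if ($result === false) {
        $names = [
            PREG_RECURSION_LIMIT_ERROR => 'recursion limit reached',
            PREG_BACKTRACK_LIMIT_ERROR => 'backtrack limit reached',
            PREG_JIT_STACKLIMIT_ERROR  => 'JIT stack limit reached',
        ];
        throw new RuntimeException('preg_match aborted: ' . ($names[$error] ?? "PCRE error $error"));
    }
    return ['matched' => $result === 1, 'groups' => $matches];
}

// Constructed input: a group repeated once per subject character, so match depth grows with length.
$subject = str_repeat('a', 50000) . 'c';
try {
    // 8192 KiB is the default ulimit -s value named in the report.
    $out = guardedPregMatch('/(?:a|b)*c/', $subject);
    echo $out['matched'] ? "matched\n" : "no match\n";
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Whether the constructed subject reaches the limit depends on the PCRE version and on whether the JIT handles the pattern; the point is that every `false` return is inspected.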
 
Last updated: Mon May 23 03:05:45 2022 UTC