php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77300 Incorrect preg_replace_callback() result when using FILTER_VALIDATE_REGEXP
Submitted: 2018-12-14 22:37 UTC Modified: 2018-12-23 04:22 UTC
From: phpwnd at gmail dot com Assigned:
Status: No Feedback Package: PCRE related
PHP Version: 7.3.0 OS: Gentoo
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2018-12-14 22:37 UTC] phpwnd at gmail dot com
Description:
------------
I'm getting incorrect results from preg_replace_callback() on PHP 7.3.0 when it fulfills the following conditions:

 - preg_replace_callback's input must contain at least 2 matches.
 - preg_replace_callback's callback must call filter_var() with FILTER_VALIDATE_REGEXP and filter_var's regexp must match its input.

From what I can tell, preg_replace_callback() keeps looping through matches internally (it requires at least 2 matches to trigger) and keeps doing replacements until it reaches its match limit or runs out of resources.

I wasn't able to reproduce this behaviour on a secondary machine, so there may be a platform-specific component to it. No issue on PHP 7.2.x


--------------------

PHP 7.3.0 (cli) (built: Dec 13 2018 08:57:16) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.0-dev, Copyright (c) 1998-2018 Zend Technologies

Configure Command =>  './configure'  '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--docdir=/usr/share/doc/php-7.3.0' '--htmldir=/usr/share/doc/php-7.3.0/html' '--prefix=/usr/lib64/php7.3' '--mandir=/usr/lib64/php7.3/man' '--infodir=/usr/lib64/php7.3/info' '--libdir=/usr/lib64/php7.3/lib' '--with-libdir=lib64' '--localstatedir=/var' '--without-pear' '--disable-maintainer-zts' '--with-password-argon2=/usr' '--disable-bcmath' '--without-bz2' '--disable-calendar' '--disable-gcov' '--enable-ctype' '--with-curl=/usr' '--enable-dom' '--without-enchant' '--disable-exif' '--enable-fileinfo' '--enable-filter' '--disable-ftp' '--without-gettext' '--without-gmp' '--enable-hash' '--without-mhash' '--with-iconv' '--enable-intl' '--disable-ipv6' '--enable-json' '--without-kerberos' '--enable-libxml' '--with-libxml-dir=/usr' '--enable-mbstring' '--with-onig=/usr' '--with-openssl=/usr' '--with-openssl-dir=/usr' '--disable-pcntl' '--enable-phar' '--enable-pdo' '--enable-opcache' '--without-pgsql' '--disable-posix' '--without-pspell' '--without-recode' '--enable-simplexml' '--disable-shmop' '--without-snmp' '--disable-soap' '--disable-sockets' '--without-sodium' '--with-sqlite3=/usr' '--disable-sysvmsg' '--disable-sysvsem' '--disable-sysvshm' '--without-tidy' '--enable-tokenizer' '--disable-wddx' '--enable-xml' '--enable-xmlreader' '--enable-xmlwriter' '--with-xmlrpc' '--with-xsl=/usr' '--enable-zip' '--without-libzip' '--with-zlib=/usr' '--disable-debug' '--enable-dba' '--without-cdb' '--without-db4' '--disable-flatfile' '--without-gdbm' '--enable-inifile' '--without-qdbm' '--without-lmdb' '--without-freetype-dir' '--disable-gd-jis-conv' '--with-jpeg-dir=/usr' '--with-png-dir=/usr' '--without-xpm-dir' '--with-gd' '--without-interbase' '--with-mysqli=mysqlnd' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--without-unixODBC' '--without-iodbc' '--without-oci8' '--without-pdo-dblib' '--with-pdo-mysql=mysqlnd' '--without-pdo-pgsql' '--with-pdo-sqlite=/usr' '--without-pdo-firebird' '--without-pdo-odbc' '--without-pdo-oci' '--with-readline=/usr' '--without-libedit' '--without-mm' '--with-pic' '--with-pcre-regex=/usr' '--with-pcre-dir=/usr' '--without-pcre-valgrind' '--without-pcre-jit' '--cache-file=/var/tmp/portage/dev-lang/php-7.3.0/temp/config.cache' '--with-config-file-path=/etc/php/cli-php7.3' '--with-config-file-scan-dir=/etc/php/cli-php7.3/ext-active' '--disable-embed' '--enable-cli' '--disable-cgi' '--disable-fpm' '--without-apxs2' '--disable-phpdbg' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CPPFLAGS='

PCRE Library Version => 10.32 2018-09-10
PCRE Unicode Version => 11.0.0
PCRE JIT Support => not compiled in
pcre.backtrack_limit => 1000000 => 1000000
pcre.recursion_limit => 100000 => 100000


Test script:
---------------
<?php

function cb()
{
	filter_var('', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => '//']]);
	return '.';
}
var_dump(preg_replace_callback('/./', 'cb', 'xx', 10));


Expected result:
----------------
string(2) ".."



Actual result:
--------------
string(12) "..........xx"


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-12-14 22:44 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2018-12-14 22:44 UTC] requinix@php.net
Likely a duplicate of bug #77193, which will be fixed for 7.3.1. Can you try with a build using the PHP-7.3 branch?
 [2018-12-23 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2019-01-05 00:24 UTC] phpwnd at gmail dot com
I don't think I will have time to manually build the latest PHP-7.3 before 7.3.1 is officially released, but I'll re-run the test case on 7.3.1 as soon as it's available.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 15:01:22 2019 UTC