php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #78674 Upgrade bundled PCRE from 10.32 to 10.34 to fix some bugs
Submitted: 2019-10-15 12:43 UTC Modified: 2020-01-25 21:40 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: tom60 at op dot pl Assigned: ab (profile)
Status: Closed Package: PCRE related
PHP Version: 7.3.10 OS: Linux
Private report: No CVE-ID: None
 [2019-10-15 12:43 UTC] tom60 at op dot pl
Description:
------------
PCRE 10.34 fixes some important bugs, including:

If a lookbehind contained a lookahead that contained another lookbehind within it, the nested lookbehind was not correctly processed. For example, if /(?<=(?=(?<=a)))b/ was matched to "ab" it gave no match instead of matching "b".

It would be nice to upgrade the version bundled with PHP to avoid this problem.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-10-30 11:51 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2019-10-30 11:51 UTC] cmb@php.net
Where is PCRE 10.34 available?
 [2019-11-10 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 [2019-11-11 01:54 UTC] fgfgfgfg at somewhere dot com
while 10.34 is nosense therse is 10.33 available for a long time at https://ftp.pcre.org/pub/pcre/ and distributions carry a ton of patches on top even to that version
 [2019-11-11 01:57 UTC] fgfgfgfg at somewhere dot com
you can find 10.34 here: https://ftp.pcre.org/pub/pcre/Testing/

and here you get some picture about the issues in 10.33 and i doubt 10.32 is ina better shape

* Di Okt 29 2019 Petr Pisar <ppisar@redhat.com> - 10.33-15
- Fix a use after free when freeing JIT memory (upstream bug #2453)
- Fix thread-safeness in regexec() (upstream bug #2447)

* Mo Sep 09 2019 Petr Pisar <ppisar@redhat.com> - 10.33-14
- Fix a crash in JIT match when a subject has a zero length and an invalid
  pointer (upstream bug #2440)

* Di Aug 27 2019 Petr Pisar <ppisar@redhat.com> - 10.33-13
- Readd a fix for a mismatch with a lookbehind within a lookahead within
  a lookbehind and fix the regression in matching a lookbehind after
  a condition (bug #1743863)

* Mo Aug 26 2019 Petr Pisar <ppisar@redhat.com> - 10.33-12
- Revert a fix for a mismatch with a lookbehind within a lookahead within
  a lookbehind (bug #1743863)

* Mo Aug 12 2019 Petr Pisar <ppisar@redhat.com> - 10.33-11
- Fix reporting rightmost consulted characters

* Mo Aug 05 2019 Petr Pisar <ppisar@redhat.com> - 10.33-10
- Fix an incorrect computation of a group length when a branch exceeds 65535
  (upstream bug #2428)
- Use HTTPS protocol in URL metadata

* Mo Jul 22 2019 Petr Pisar <ppisar@redhat.com> - 10.33-9
- Fix a recursion in compiling an expression with a lookbehind within a
  lookahead (upstream bug #2412)

* Mi Jul 17 2019 Petr Pisar <ppisar@redhat.com> - 10.33-8
- Fix a mismatch with a lookbehind within a lookahead within a lookbehind
  (upstream bug #2412)

* Do Jul 11 2019 Petr Pisar <ppisar@redhat.com> - 10.33-7
- Fix an integer overflow when checking a lookbehind length

* Mi Jul 03 2019 Petr Pisar <ppisar@redhat.com> - 10.33-6
- Fix a DFA to recognize a partial match if the end of a subject is encountered
  in a lookahead, an atomic group, or a recursion

* Do Jun 20 2019 Petr Pisar <ppisar@redhat.com> - 10.33-5
- Do not ignore {1} quantifier when it is applied to a non-possessive group
  with more alternatives

* Mo Jun 17 2019 Petr Pisar <ppisar@redhat.com> - 10.33-4
- Fix a non-JIT match to return (*MARK) names from a successful conditional
  assertion
- Fix pcre2grep --only-matching output when number of capturing groups exceeds
  32 (upstream bug #2407)

* Mo Mai 13 2019 Petr Pisar <ppisar@redhat.com> - 10.33-3
- Correct a misspelling in a documentation
- Fix a crash when \X is used without UTF mode in a JIT (upstream bug #2399)

* Mo Mai 06 2019 Petr Pisar <ppisar@redhat.com> - 10.33-2
- Validate number of capturing parentheses

* Di Apr 16 2019 Petr Pisar <ppisar@redhat.com> - 10.33-1
- 10.33 bump
 [2019-11-19 08:58 UTC] cmb@php.net
-Status: No Feedback +Status: Open -Assigned To: cmb +Assigned To:
 [2019-11-19 08:58 UTC] cmb@php.net
Thanks for the feedback, and sorry, that I missed that!
 [2019-11-20 15:34 UTC] tom60 at op dot pl
Sorry for a delayed response. The bug I mentioned is fixed in PCRE2 10.34:

https://vcs.pcre.org/pcre2/code/trunk/ChangeLog?view=markup&pathrev=1133

"19. If a lookbehind contained a lookahead that contained another lookbehind within it, the nested lookbehind was not correctly processed. For example, if	/(?<=(?=(?<=a)))b/ was matched to "ab" it gave no match instead of matching "b"."

This version is still a release candidate, but hopefully will be released soon.
 [2019-11-22 11:10 UTC] tom60 at op dot pl
PCRE2 10.34 has just been released:

https://ftp.pcre.org/pub/pcre/
https://ftp.pcre.org/pub/pcre/pcre2-10.34.tar.gz
 [2020-01-25 21:40 UTC] ab@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: ab
 [2020-01-25 21:40 UTC] ab@php.net
Fixed in master.

Thanks.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Aug 08 11:01:23 2020 UTC