https://bugs.exim.org/show_bug.cgi?id=1803
--- Comment #33 from Zoltan Herczeg <[email protected]> ---

> I grabbed a lot of gdb output just now, trying to narrow down when
> size_offsets location gets trashed to 0. I noticed that offsetcount does,
> inside one of the jit functions, get set to 2, but it's back to 3 in the
> caller, until it returns to the PHP code. At which point size_offsets has
> been set to 0... I'm going to put a watchpoint on the address of
> size_offsets to see if I can see what actually is writing to it.

Thank you, I will check it.

What I still don't get: if size_offsets is zero and count is zero,

    if (count == 0) {
        php_error_docref(NULL, E_NOTICE, "Matched, but too many substrings");
        count = size_offsets / 3;
    }

then count should still be zero after this point, so how could this be true:

    if (count > 0 && (offsets[1] - offsets[0] >= 0))

Perhaps GCC is (too) clever here, and realized that size_offsets must be >= 3, since it is computed in the following way:

    size_offsets = (pce->capture_count + 1) * 3;

and optimized out the count > 0 part. I saw such things before...

--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
