ID: 45368 Updated by: [EMAIL PROTECTED] Reported By: Sjon at react dot com -Status: Open +Status: Feedback -Bug Type: Reproducible crash +Bug Type: PCRE related Operating System: Linux PHP Version: 5.2.6 New Comment:
Please try http://snaps.php.net/php5.2-latest.tar.gz as some PCRE patche s were backported from PHP 5.3 yesterday. Previous Comments: ------------------------------------------------------------------------ [2008-08-03 14:27:26] Sjon at react dot com I have tried to reproduce this bug with php5.3-200808031230; and the script (still, as already tested by [EMAIL PROTECTED]) doesn't crash and behaves as expected. ------------------------------------------------------------------------ [2008-06-26 14:58:23] [EMAIL PROTECTED] Reproduced in PHP 5.2.7-dev (cli) (built: Jun 6 2008 12:12:11) 5.3 and HEAD are OK. ------------------------------------------------------------------------ [2008-06-26 14:51:54] sjon at react dot com The correct URL is not http://home.parse.nl/~sjon/bug-reports/php/meukee.php but http://home.parse.nl/~sjon/bug-reports/php/meukee.txt ------------------------------------------------------------------------ [2008-06-26 13:49:08] Sjon at react dot com Description: ------------ I have been working many hours to strip a 15000+ lines crashing script to a short and reproducible crash; so here it is. Unfortunately the code is still quite long, but anything I change will fix it, including the non-used function arguments. This code (still) crashes in php5.2-200806261230; so I hope someone might be able to fix this. I know that the cause of the problem is that e->f calls a non-existing callback function ('e', 'x'); Reproduce code: --------------- The bug can only be reproduced by downloading both http://home.parse.nl/~sjon/bug-reports/php/waa.txt and http://home.parse.nl/~sjon/bug-reports/php/meukee.php ; rename them both to .php and run 'waa.php' Expected result: ---------------- Just the error 'preg_replace_callback(): Requires argument 2, 'e::x', to be a valid callback' Actual result: -------------- #0 0x080aa31a in preg_replace_impl (ht=3, return_value=0x895a888, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=1 '\001') at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:1283 #1 0x080aaa08 in zif_preg_replace_callback (ht=3, return_value=0x895a888, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:1355 #2 0x0832fb58 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9768d8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:200 #3 0x0833535a in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf9768d8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:1679 #4 0x0832f6d8 in execute (op_array=0x895bdd8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #5 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf976a78) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #6 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf976a78) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #7 0x0832f6d8 in execute (op_array=0x895b9e8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #8 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf976c38) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #9 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf976c38) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 ---Type <return> to continue, or q <return> to quit--- #10 0x0832f6d8 in execute (op_array=0x895fde8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #11 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf976da8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #12 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf976da8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #13 0x0832f6d8 in execute (op_array=0x8958be4) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #14 0x082fe232 in zend_eval_string (str=0x8956c2c "$this->h('waa? meukee!');", retval_ptr=0xbf976ea4, string_name=0x8958b18 "/mnt/serve-a-lot/sjon/public_html/meukee.php(91) : regexp code") at /tmp/php5.2-200806261230/Zend/zend_execute_API.c:1195 #15 0x080a902e in preg_do_eval (eval_str=0x89589bc "$this->h('$0');", eval_str_len=15, subject=0x8958aa4 "waa? meukee!", offsets=0x8958ae0, count=1, result=0xbf976f28) at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:899 #16 0x080a950c in php_pcre_replace_impl (pce=0x8989e08, subject=0x8958aa4 "waa? meukee!", subject_len=12, replace_val=0x8958980, is_callable_replace=0, result_len=0xbf9770b4, limit=-1, replace_count=0x0) at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:1031 #17 0x080a91fe in php_pcre_replace (regex=0x8958a34 "/.+/se", regex_len=6, subject=0x8958aa4 "waa? meukee!", subject_len=12, replace_val=0x8958980, is_callable_replace=0, result_len=0xbf9770b4, limit=-1, replace_count=0x0) ---Type <return> to continue, or q <return> to quit--- at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:933 #18 0x080aa017 in php_replace_in_subject (regex=0x89589f8, replace=0x8958980, subject=0x89484dc, result_len=0xbf9770b4, limit=-1, is_callable_replace=0 '\0', replace_count=0x0) at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:1233 #19 0x080aa92f in preg_replace_impl (ht=3, return_value=0x8958944, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=0 '\0') at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:1331 #20 0x080aa9d1 in zif_preg_replace (ht=3, return_value=0x8958944, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /tmp/php5.2-200806261230/ext/pcre/php_pcre.c:1347 #21 0x0832fb58 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf977398) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:200 #22 0x0833535a in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf977398) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:1679 #23 0x0832f6d8 in execute (op_array=0x895f64c) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #24 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf977628) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #25 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf977628) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #26 0x0832f6d8 in execute (op_array=0x895f64c) ---Type <return> to continue, or q <return> to quit--- at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #27 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9777a8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #28 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf9777a8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #29 0x0832f6d8 in execute (op_array=0x895ea98) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #30 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf977918) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #31 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf977918) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #32 0x0832f6d8 in execute (op_array=0x895e888) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #33 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf977af8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #34 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf977af8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #35 0x0832f6d8 in execute (op_array=0x895c1f4) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #36 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf977c88) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #37 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf977c88) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 ---Type <return> to continue, or q <return> to quit--- #38 0x0832f6d8 in execute (op_array=0x895ec08) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #39 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf977e38) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #40 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf977e38) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #41 0x0832f6d8 in execute (op_array=0x895df68) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #42 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf978038) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #43 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf978038) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #44 0x0832f6d8 in execute (op_array=0x895b708) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #45 0x0832fcc7 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf978218) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:234 #46 0x08330777 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf978218) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:322 #47 0x0832f6d8 in execute (op_array=0x89561b8) at /tmp/php5.2-200806261230/Zend/zend_vm_execute.h:92 #48 0x0830ab2a in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php5.2-200806261230/Zend/zend.c:1134 #49 0x082ba6d4 in php_execute_script (primary_file=0xbf97a5a0) ---Type <return> to continue, or q <return> to quit--- at /tmp/php5.2-200806261230/main/main.c:2007 #50 0x083859cf in main (argc=2, argv=0xbf97a6e4) at /tmp/php5.2-200806261230/sapi/cli/php_cli.c:1140 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=45368&edit=1