ID: 45546
Comment by: jdc at parodius dot com
Reported By: kaiser at macbureau dot de
Status: No Feedback
Bug Type: PCRE related
Operating System: FreeBSD 7
PHP Version: 5.2.6
New Comment:
This bug still exists in PHP 5.2.8, which uses its own bundled version
of pcre. FreeBSD 7.1-STABLE is being used here.
I have a customer who is experiencing this problem on a near-daily
basis (logs showing httpd SIGILL regularly).
I can induce a signal 11 from the shell (using PHP CLI) executing the
code provided by "hempalex at gmail dot com" as well as the code
provided by "kaiser at macbureau dot de". The comment from "ale at
FreeBSD.org" also applies -- the value given to str_repeat() does in
fact play a role.
But when run from within Apache (2.2.11 using mod_php), signal 4
(illegal instruction) happens. I'm not sure why from within Apache it's
SIGILL but from the command-line it's SIGSEGV.
Increasing pcre.backtrack_limit and pcre.recursion_limit does not help.
Decreasing them also does not help.
I'd like to urge the PHP folks to take this problem seriously. There
are many of us using FreeBSD who would be more than happy to give you an
account on a development/test system for you to work out the source of
this problem.
Previous Comments:
------------------------------------------------------------------------
[2008-09-26 16:17:20] nlop...@php.net
again I cannot reproduce this problem. Try to adjust
pcre.backtrack_limit and pcre.recursion_limit to some sane values.
------------------------------------------------------------------------
[2008-09-26 09:17:06] ale at FreeBSD dot org
The feedback was provided.
In any case the above script works if the string length is <= 2243 and
stops working if > 2243 'a' chars.
------------------------------------------------------------------------
[2008-07-27 01:00:01] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2008-07-25 13:45:15] hempalex at gmail dot com
I reproduced this on FreeBSD 7.0 + Apache/2.2.9 + PHP/5.2.6 (bundled
prce)
script:
<?php
$str = str_repeat('a', 10000);
$utf8 =
(preg_match("/^([\x09\x0A\x0D\x20-\x7E]|[\xC2-\xDF][\x80-\xBF]|\xE0[\xA0-\xBF][\x80-\xBF]|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}|\xED[\x80-\x9F][\x80-\xBF]|\xF0[\x90-\xBF][\x80-\xBF]{2}|[\xF1-\xF3][\x80-\xBF]{3}|\xF4[\x80-\x8F][\x80-\xBF]{2})*$/",
$str)) ? "yes" : "no";
echo $utf8;
?>
mod_php:
in apache logs: [notice] child pid 54586 exit signal Illegal
instruction (4)
in cli works fine!
------------------------------------------------------------------------
[2008-07-22 23:08:28] nikolas dot hagelstein at gmail dot com
Confirmed.
System:
FreeBSD 7
PHP 5.2.6 (PCRE Library Version => 7.6 2008-01-28)
stack size (kbytes, -s) 524288
Backtrace:
#6216 0x000000080407a494 in match () from
/usr/local/lib/php/20060613/pcre.so
#
#6217 0x000000080407701c in match () from
/usr/local/lib/php/20060613/pcre.so
#
#6218 0x000000080407a494 in match () from
/usr/local/lib/php/20060613/pcre.so
#
#6219 0x000000080407701c in match () from
/usr/local/lib/php/20060613/pcre.so
#
#6220 0x0000000804076d05 in match () from
/usr/local/lib/php/20060613/pcre.so
#
#6221 0x000000080407f12f in php_pcre_exec ()
#
from /usr/local/lib/php/20060613/pcre.so
#
#
#6222 0x0000000804084c02 in php_pcre_match_impl ()
#
from /usr/local/lib/php/20060613/pcre.so
#
#6223 0x000000080408569b in php_do_pcre_match ()
#
from /usr/local/lib/php/20060613/pcre.so
#
#6224 0x0000000000538912 in zend_do_fcall_common_helper_SPEC ()
#
#6225 0x0000000000528603 in execute ()
#
#6226 0x00000000005383a4 in zend_do_fcall_common_helper_SPEC ()
#
#6227 0x0000000000528603 in execute ()
#
#6228 0x0000000000508dd3 in zend_execute_scripts ()
#
#6229 0x00000000004c5a5d in php_execute_script ()
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/45546
--
Edit this bug report at http://bugs.php.net/?id=45546&edit=1
