 ID:               47907
 Updated by:       nlop...@php.net
 Reported By:      tafkad at web dot de
-Status:           Open
+Status:           Bogus
 Bug Type:         PCRE related
 Operating System: Linux Debian Lenny
 PHP Version:      5.2.9
 New Comment:

It doesn't crash for me. It seems you need to increase the stack size (with ulimit -s).

Previous Comments:
------------------------------------------------------------------------

[2009-04-06 13:02:29] tafkad at web dot de

Description:
------------
I use a class (phpcc) to transform a search string into an SQL where clause. If it has many options like brackets or operators, or if it is a very long string, PHP ends in a segmentation fault. I've tested it with two PHP versions, 5.2.6 and 5.2.9. I use the CLI version.

I've created a test script with a for loop that generates a simple search statement with 2000 search terms. If I run this script, it crashes. When I decrease the number of search terms to 1000, it runs clean. GDB shows preg_match as the last call executed, that's why I think there must be an error. The script uses a very huge amount of memory (I've configured php.ini with 1024M).

php.ini changes against the default (debian):

max_execution_time = 30000 ; 30 ; Maximum execution time of each script, in seconds
max_input_time = 60000 ; 60 ; Maximum amount of time each script may spend parsing request data
;max_input_nesting_level = 64 ; Maximum input variable nesting level
memory_limit = 1024M ; 32M ; Maximum amount of memory a script may consume (32MB)

Active modules (php -m):

[PHP Modules]
bcmath,bz2,calendar,ctype,curl,date,dba,dbase,dom,exif,ffmpeg,filter,ftp,gd,gettext,hash,iconv,json,libxml,mbstring,mime_magic,mysql,mysqli,ncurses,openssl,pcntl,pcre,PDO,pdo_mysql,posix,readline,Reflection,session,shmop,SimpleXML,soap,sockets,SPL,standard,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,wddx,xml,xmlreader,xmlwriter,zip,zlib

Reproduce code:
---------------
Code is too long. Under http://paste.root-zone.info/debug.tar.gz is a dir with the class and a test script.

Expected result:
----------------
Before the script can finish, PHP crashes.

Actual result:
--------------
#23 0x00000000004783db in match (eptr=0x0, ecode=0x107108e8 "'TESTSTR00001160' or OR_ID = 'TESTSTR00001161' or OR_ID = 'TESTSTR00001162' or OR_ID = 'TESTSTR00001163' or OR_ID = 'TESTSTR00001164' or OR_ID = 'TESTSTR00001165' or OR_ID = 'TESTSTR00001166' or OR_ID"..., mstart=0x200000000 <Address 0x200000000 out of bounds>, offset_top=32767, md=0x0, ims=15, eptrb=0x47a157, flags=0, rdepth=0) at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:1184
#24 0x000000000047a157 in match (eptr=0x1 <Address 0x1 out of bounds>, ecode=0x107108e8 "'TESTSTR00001160' or OR_ID = 'TESTSTR00001161' or OR_ID = 'TESTSTR00001162' or OR_ID = 'TESTSTR00001163' or OR_ID = 'TESTSTR00001164' or OR_ID = 'TESTSTR00001165' or OR_ID = 'TESTSTR00001166' or OR_ID"..., mstart=0x200000000 <Address 0x200000000 out of bounds>, offset_top=32767, md=0x0, ims=3, eptrb=0x4803f4, flags=0, rdepth=0) at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:714
#25 0x00000000004803f4 in match (eptr=0x2ed1fe5 "", ecode=0x107108e8 "'TESTSTR00001160' or OR_ID = 'TESTSTR00001161' or OR_ID = 'TESTSTR00001162' or OR_ID = 'TESTSTR00001163' or OR_ID = 'TESTSTR00001164' or OR_ID = 'TESTSTR00001165' or OR_ID = 'TESTSTR00001166' or OR_ID"..., mstart=0x27c2b71e0 <Address 0x27c2b71e0 out of bounds>, offset_top=32767, md=0x0, ims=45889320, eptrb=0x481f97, flags=0, rdepth=0) at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:2035
#26 0x0000000000481f97 in php_pcre_exec (argument_re=0x10716821, extra_data=0x2ed2016, subject=0x20 <Address 0x20 out of bounds>, length=275843303, start_offset=0, options=275843304, offsets=0x488020, offsetcount=275614368) at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:4844
#27 0x0000000000488020 in php_pcre_match_impl (pce=0x107108e8, subject=0x5f390048662f <Address 0x5f390048662f out of bounds>, subject_len=0, return_value=0x10718550, subpats=0xc106f7fd0, global=0, use_flags=4753947, flags=0, start_offset=0) at /usr/src/php5/source/php5-5.2.9/ext/pcre/php_pcre.c:621
#28 0x0000000000488a1b in php_do_pcre_match (ht=3, return_value=0x106f7fd0, return_value_ptr=0x7fff7c2b31a0, this_ptr=0x7fff7c2b31b0, return_value_used=2083222224, global=0) at /usr/src/php5/source/php5-5.2.9/ext/pcre/php_pcre.c:513
#29 0x00000000006c01ad in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff7c2b7b60) at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:200
#30 0x00000000006ac6a4 in execute (op_array=0x2be9420) at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:92
#31 0x00000000006bfabe in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff7c2b8410) at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:234
#32 0x00000000006ac6a4 in execute (op_array=0x2bbd4e8) at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:92
#33 0x00000000006bfabe in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff7c2b9110) at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:234
#34 0x00000000006ac6a4 in execute (op_array=0x2be08b8) at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:92

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=47907&edit=1