ID: 48153
Updated by: [email protected]
Reported By: raul dot gigea at directmedia dot de
Status: Bogus
Bug Type: PCRE related
Operating System: FreeBSD 7.1-RELEASE-p4
PHP Version: 5.2CVS-2009-05-06 (snap)
New Comment:
The mhash library is gone in 5.3 and replaced with a wrapper around the
hash library.
Can you try a 5.3 snapshot and see if you get the issue?
I should say I can't reproduce this on 5.2 on OSX with the same
configure like Jani used.
Previous Comments:
------------------------------------------------------------------------
[2009-05-06 22:18:19] raul dot gigea at directmedia dot de
By the way, the mhash lib version is 0.9.9.
------------------------------------------------------------------------
[2009-05-06 22:09:55] raul dot gigea at directmedia dot de
I already described this in my original bug report, but I'll try to be
more explicit:
As I described before, if I tune pcre.recursion_limit and
pcre.backtrack_limit, than I get no segfault, but neither do I get the
correct output. As an example, this code:
$contents = 'sud' . str_repeat('a', 1900) . 'bccess';
$contents = preg_replace('/d(a)+b/', '', $contents);
echo $contents
Segfaults if recursion_limit/backtrack_limit is too high. Prints
"success" if everything went well, and prints nothing if
recursion_limit is too low.
I can only get it to print nothing tuning those two parameters. ( over
backtrack_limit 2458 it crashes, below 2457 it doesn't print anything
). So it's a workaround the segfault, but you get another problem -
you don't get the wanted result.
I suspect the problem could be in the mhash library, and the way php
uses it, because it prints 'success' if I disable the mhash extension.
------------------------------------------------------------------------
[2009-05-06 21:20:01] [email protected]
You either have to increase the stack size or tune pcre.recursion_limit
and pcre.backtrack_limit properly.
------------------------------------------------------------------------
[2009-05-06 21:11:12] raul dot gigea at directmedia dot de
I already wrote that my stacksize was 64 MB. ulimit -s 1024 would
reduce it to only 1 MB. 64MB is the upper limit without recompiling
the kernel. And i don't think that this specific regex should eat up
64 MB of stack size ...
Anyway, here's the result:
% ulimit -s 1024
% ulimit -s
1024
% ./sapi/cli/php ~/test.php
zsh: segmentation fault (core dumped) ./sapi/cli/php ~/test.php
% ulimit -s 65535
% ulimit -s
65535
% ./sapi/cli/php ~/test.php
zsh: segmentation fault (core dumped) ./sapi/cli/php ~/test.php
% ulimit -s 65537
ulimit: value exceeds hard limit
------------------------------------------------------------------------
[2009-05-06 20:53:44] [email protected]
You need to increase the stack size. I tried with 'ulimit -s 1024' and
that does not crash..
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/48153
--
Edit this bug report at http://bugs.php.net/?id=48153&edit=1
