Edit report at http://bugs.php.net/bug.php?id=54926&edit=1
ID: 54926 User updated by: wim at godden dot net Reported by: wim at godden dot net Summary: preg_match causes segfault with specific subject Status: Open Type: Bug Package: PCRE related Operating System: Solaris 10 PHP Version: 5.3.6 Block user comment: N Private report: N New Comment: We discovered the cause... not due to PHP, but purely due to the fact that PCRE doesn't respect PHP memory limits. The Apache installation was running in worker MPM model, not in prefork model and that apparently caused the issue. We switched to prefork and everything works fine now. Previous Comments: ------------------------------------------------------------------------ [2011-05-25 15:20:17] wim at godden dot net Description: ------------ A customer page (system made in Drupal) was causing segfaults. After much debugging, I found this line to cause it : $contents = preg_replace('< \s*([@{}:;,]|\)\s|\s\()\s* | # Remove whitespace around separators, but keep space around parentheses. /\*([^*\\\\]|\*(?!/))+\*/ | # Remove comments that are not CSS hacks. [\n\r] # Remove line breaks. >x', '\1', $contents); The $contents was a CSS file. After experimenting, it turns out that opening a comment string (/*) followed by 1815 characters segfaults Apache. The same script runs perfectly fine when run from CLI, but segfaults on Apache 2.2. It also runs well on several Linux environments tested. Test script: --------------- PHP-file : <?php $contents = file_get_contents('temp.css'); $contents = preg_replace('< \s*([@{}:;,]|\)\s|\s\()\s* | # Remove whitespace around separators, but keep space around parentheses. /\*([^*\\\\]|\*(?!/))+\*/ | # Remove comments that are not CSS hacks. [\n\r] # Remove line breaks. >x', '\1', $contents); echo $contents; CSS-file : /* 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 Expected result: ---------------- string(1797) "/*123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 8901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345" Actual result: -------------- In Apache error log : [notice] child pid 16531 exit signal Segmentation fault (11) Backtrace is very hard to provide at this point, due to unavailability of a 64bit gdb on Solaris 10. Will try to add. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=54926&edit=1