Edit report at https://bugs.php.net/bug.php?id=60843&edit=1
ID: 60843
Updated by: paj...@php.net
Reported by: ruben dot cheng at gmail dot com
Summary: preg_split crash
Status: Bogus
Type: Bug
Package: PCRE related
Operating System: Windows 7x64
PHP Version: 5.3.6 and later
Block user comment: N
Private report: N
New Comment:
As I said earlier, ask the hoster to increase the stack of Apache. It can be
done
via the httpd config or EDITBIN (see MSDN).
But there is nothing PHP can do, PHP itself has a large enough stack but it is
limited by Apache's one.
Previous Comments:
------------------------------------------------------------------------
[2012-01-23 05:20:00] ruben dot cheng at gmail dot com
I have tested this under several environment and seems to be related to windows
platform. Here a results:
* Linux ubuntu LTS x86, PHP 5.3.2: OK
* Linux opensuse 11.2 x64, PHP 5.3.3: OK
* Linux unknown (provider-production), PHP 5.3.6: OK
* Windows 7x64. Apache 2.2.21 x64 (ApacheLounge). PHP 5.3.6 x64 (anindya): Crash
* Windows 7x64. Apache 2.2.21 x64 (ApacheLounge). PHP 5.3.9 x64 (anindya): Crash
* Windows 7x64. Apache 2.2.21 x64 (anindya). PHP 5.3.6 x64 (anindya): Crash
* Windows 7x64. Apache 2.2.21 x64 (anindya). PHP 5.3.9 x64 (anindya): Crash
* Windows 7x64. Apache 2.2.21 x32 (ApacheLounge). PHP 5.3.9 x32 (PHP.net): Crash
If I run the same script under cli on Windows instead from browser It doesn't
crash.
PHP is loaded as module (except provider server)
Another think strange. The script doesn't crash on Windows if there few SQL
sentences. It seems to be a preg_split pattern overflow.
I tried each SQL of the $query variable from the start, and it crashes after
appeding the 8th SQL sentence
By the way, how can I increase the stack ?
------------------------------------------------------------------------
[2012-01-22 22:54:18] paj...@php.net
Ask your host to increase the stack and to update as well.
------------------------------------------------------------------------
[2012-01-22 22:40:18] ruben dot cheng at gmail dot com
Description:
------------
I was running a preg_split to split a string by ";" (taking care not to split
enclosed ";" of SQL sentence) results a preg_split crash without notice and
error.
The test script is only 3 lines.
I'm using PHP 5.3.6, cannot upgrade because the hosting is stuck at this
version.
Test script:
---------------
<?php
$query="BEGIN;INSERT INTO pending (commands,comments) VALUES ('INSERT INTO
updates (lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-aa04r] ([data|b|date|bbcv100bsf-aa04r]). {909} \\\"Z03269\\\".
{426}
[is|photocred|121]\\',\\'23\\')','admin_modules_banknote_known_serie_prefix');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-aa04-k8] ([data|b|date|bbcv100bsf-aa04-k8]). {909} \\\"K81\\\".
{426}
[is|photocred|22]\\',\\'23\\')','admin_modules_banknote_known_serie_prefix');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv50bsf-aa03-h8] ([data|b|date|bbcv50bsf-aa03-h8]). {934}
\\\"H00035502\\\" - \\\"H88998045\\\" {431} \\\"H00024933\\\" -
\\\"H88998045\\\".\\',\\'6\\')','admin_modules_banknote_edit');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv50bsf-ab01-e8] ([data|b|date|bbcv50bsf-ab01-e8]). {909} \\\"E03\\\",
\\\"E07\\\", \\\"E71\\\", \\\"E21\\\" {221}
\\\"E63\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-ab01-c8] ([data|b|date|bbcv100bsf-ab01-c8]). {934}
\\\"C00676969\\\" - \\\"C70385093\\\" {431} \\\"C00676969\\\" -
\\\"C70399841\\\".\\',\\'6\\')','admin_modules_banknote_edit');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-aa03-d8] ([data|b|date|bbcv100bsf-aa03-d8]). {934}
\\\"D03771810\\\" - \\\"D40549699\\\" {431} \\\"D03771810\\\" -
\\\"D04574964\\\".\\',\\'6\\')','admin_modules_banknote_edit');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-aa03-c8] ([data|b|date|bbcv100bsf-aa03-c8]). {934}
\\\"C72902534\\\" - \\\"C89173970\\\" {431} \\\"C72902534\\\" -
\\\"C89255430\\\".\\',\\'6\\')','admin_modules_banknote_edit');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-aa04-l8] ([data|b|date|bbcv100bsf-aa04-l8]). {909}
\\\"L23\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{805}
[g|bbcv100bsf] {812} {813} [j|bbcv100bsf-aa03-e8], {814}
\\\"[data|b|date|bbcv100bsf-aa03-e8]\\\", serie [j|bbcv100bsf-aa03-e8|E8] {221}
{808} [g|bbcv100bsf-aa]. {815} #2 {817} [j|bbcv100bsf-aa03-e8,e2]. {356}
[is|photocred|74] {358}\\',\\'20\\')','admin_modules_banknote_add');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-aa03-e8,e2]: {481} \\\"E56874656\\\" {943}. {356}
[is|photocred|74]\\',\\'10\\')','admin_modules_banknote_known_piece_edit');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{805}
[g|bbcv50bsf] {812} {813} [j|bbcv50bsf-aa03-j8], {814}
\\\"[data|b|date|bbcv50bsf-aa03-j8]\\\", serie [j|bbcv50bsf-aa03-j8|J8] {221}
{808} [g|bbcv50bsf-aa]. {816} {817} [j|bbcv50bsf-aa03-j8,e]. {356}
[is|photocred|121] {358}\\',\\'20\\')','admin_modules_banknote_add');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv50bsf-aa03-j8,e]: {481} \\\"J29933200\\\" {943}. {356}
[is|photocred|121]\\',\\'10\\')','admin_modules_banknote_known_piece_edit');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{805}
[g|bbcv50bsf] {812} {813} [j|bbcv50bsf-aa01-b8], {814}
\\\"[data|b|date|bbcv50bsf-aa01-b8]\\\", serie [j|bbcv50bsf-aa01-b8|B8] {221}
{808} [g|bbcv50bsf-aa]. {815} #4 {817} [j|bbcv50bsf-aa01-b8,e4]. {356}
[is|photocred|121] {358}\\',\\'20\\')','admin_modules_banknote_add');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{805}
[g|bbcv2bsf] {812} {813} [j|bbcv2bsf-aa01-b8], {814}
\\\"[data|b|date|bbcv2bsf-aa01-b8]\\\", serie [j|bbcv2bsf-aa01-b8|B8] {221}
{808} [g|bbcv2bsf-aa]. {816} {817} [j|bbcv2bsf-aa01-b8,e]. {356}
[is|photocred|74] {358}\\',\\'20\\')','admin_modules_banknote_add');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv500bs-ea04r] ([data|b|date|bbcv500bs-ea04r]). {934} \\\"A00000389A\\\" -
\\\"A01200000A\\\" {431} \\\"A00000001A\\\" -
\\\"A01200000A\\\".\\',\\'8\\')','admin_modules_banknote_edit');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv2bsf-aa01-c8] ([data|b|date|bbcv2bsf-aa01-c8]). {909}
\\\"C78\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv2bsf-aa02-f8] ([data|b|date|bbcv2bsf-aa02-f8]). {909} \\\"F49\\\" {221}
\\\"F67\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv2bsf-ab01-e8] ([data|b|date|bbcv2bsf-ab01-e8]). {909}
\\\"E39\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv10bsf-aa03-p8] ([data|b|date|bbcv10bsf-aa03-p8]). {909}
\\\"P00\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv20bsf-aa03r] ([data|b|date|bbcv20bsf-aa03r]). {909}
\\\"Z0398\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv100bsf-aa03r] ([data|b|date|bbcv100bsf-aa03r]). {909} \\\"Z01037\\\"
{221}
\\\"Z01075\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv50bsf-aa04-n8] ([data|b|date|bbcv50bsf-aa04-n8]). {934}
\\\"N21287822\\\" - \\\"N67408190\\\" {431} \\\"N00038692\\\" -
\\\"N67408190\\\".\\',\\'6\\')','admin_modules_banknote_edit');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv50bsf-aa04-n8] ([data|b|date|bbcv50bsf-aa04-n8]). {934}
\\\"N21000001\\\" - \\\"N68000000\\\" {431} \\\"N00000001\\\" -
\\\"N68000000\\\".\\',\\'8\\')','admin_modules_banknote_edit');INSERT INTO
pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv50bsf-aa04-n8] ([data|b|date|bbcv50bsf-aa04-n8]). {909}
\\\"N00\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv5bsf-aa01-d8] ([data|b|date|bbcv5bsf-aa01-d8]). {909}
\\\"D02\\\".\\',\\'23\\')','admin_modules_banknote_known_serie_prefix_batch');INSERT
INTO pending (commands,comments) VALUES ('INSERT INTO updates
(lang_id,date,description,update_type) VALUES (\\'3\\',now(),\\'{929}
[j|bbcv5bsf-aa01-d8] ([data|b|date|bbcv5bsf-aa01-d8]). {934} \\\"D04016426\\\"
- \\\"D86060540\\\" {431} \\\"D02454532\\\" -
\\\"D86060540\\\".\\',\\'6\\')','admin_modules_banknote_edit');DELETE FROM
updates_pending;INSERT INTO changelog (date,module,changes) VALUES (now(),
'admin_modules_deferred_generate','No Data');";
$sql=preg_split("/;+(?=([^'|^\\\']*['|\\\'][^'|^\\\']*['|\\\'])*[^'|^\\\']*[^'|^\\\']$)/",
$query);
echo "HERE";
?>
Expected result:
----------------
The script runs the preg_split line and crash, it didn't even reach the echo
line
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=60843&edit=1
