From: ab
Operating system: Windows
PHP version: Irrelevant
Package: PCRE related
Bug Type: Bug
Bug description: Apache stack overflow on PCRE subpatterns

Description:
------------
Running the test ext/pcre/tests/bug47662.phpt under Apache 2.2 or 2.4 causes the CRT error with the following message:

Unhandled exception at 0x01E3FC19 (php5ts_debug.dll) in httpd.exe: 0xC00000FD: Stack overflow (parameters: 0x00000001, 0x03CE2948).

This error seems to have existed for a very long time. It happens not only with the pcre ext lately upgraded to 8.31, but also with the previous version using PCRE 8.12. It also happens in both release and debug builds.

Here is the backtrace delivered by VS:

........................... a lot of match(...) calls .....................
php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 956 C
php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 956 C
php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 956 C
php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 956 C
php5ts_debug.dll!match(const unsigned char * eptr, const unsigned char * ecode, const unsigned char * mstart, int offset_top, match_data * md, eptrblock * eptrb, unsigned int rdepth) Line 956 C
php5ts_debug.dll!php_pcre_exec(const real_pcre * argument_re, const pcre_extra * extra_data, const char * subject, int length, int start_offset, int options, int * offsets, int offsetcount) Line 6917 C
php5ts_debug.dll!php_pcre_match_impl(pcre_cache_entry * pce, char * subject, int subject_len, _zval_struct * return_value, _zval_struct * subpats, int global, int use_flags, long flags, long start_offset, void * * * tsrm_ls) Line 653 C
php5ts_debug.dll!php_do_pcre_match(int ht, _zval_struct * return_value, _zval_struct * * return_value_ptr, _zval_struct * this_ptr, int return_value_used, void * * * tsrm_ls, int global) Line 547 C
php5ts_debug.dll!zif_preg_match(int ht, _zval_struct * return_value, _zval_struct * * return_value_ptr, _zval_struct * this_ptr, int return_value_used, void * * * tsrm_ls) Line 798 C
php5ts_debug.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * execute_data, void * * * tsrm_ls) Line 642 C
php5ts_debug.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * execute_data, void * * * tsrm_ls) Line 2236 C
php5ts_debug.dll!execute(_zend_op_array * op_array, void * * * tsrm_ls) Line 410 C
php5ts_debug.dll!zend_execute_scripts(int type, void * * * tsrm_ls, _zval_struct * * retval, int file_count, ...) Line 1309 C
php5ts_debug.dll!php_execute_script(_zend_file_handle * primary_file, void * * * tsrm_ls) Line 2482 C
php5apache2_2.dll!php_handler(request_rec * r) Line 667 C

Test script:
---------------
<?php
// Build a pattern with 4027 empty named groups, each wrapped in a numbered group.
$regex = '@';
for($bar=0; $bar<4027; $bar++) {
    $regex .= '((?P<x' . $bar . '>))';
}
$regex .= 'fo+bar@';
// Matching against a short subject is enough to trigger the deep match() recursion.
var_dump(preg_match($regex, 'foobar', $m));

Expected result:
----------------
int(1)

Actual result:
--------------
An exception is thrown.
--
Edit bug report at https://bugs.php.net/bug.php?id=63829&edit=1
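
Added example, not part of the report and not code from the PHP project: a guard around the report's pattern that lowers pcre.recursion_limit for one call, so that match() recursion beyond the limit makes preg_match() return false with PREG_RECURSION_LIMIT_ERROR. The helper name guarded_preg_match() and the limit of 1000 are assumptions; a limit that is safe for a given thread stack size has to be found by testing.

```php
<?php
// Added example (not from the bug report). guarded_preg_match() and the
// default limit of 1000 are hypothetical, chosen for illustration only.
function guarded_preg_match($pattern, $subject, $limit = 1000)
{
    // pcre.recursion_limit caps the depth of PCRE's internal match() recursion.
    $previous = ini_set('pcre.recursion_limit', (string) $limit);

    $matches = array();
    $result  = @preg_match($pattern, $subject, $matches);
    $error   = preg_last_error();

    // Restore the previous setting so other calls in the request are unaffected.
    if ($previous !== false) {
        ini_set('pcre.recursion_limit', $previous);
    }

    if ($result === false && $error === PREG_RECURSION_LIMIT_ERROR) {
        // The engine stopped at the limit instead of recursing further.
        return array('status' => 'recursion_limit', 'matches' => array());
    }
    if ($result === false) {
        // Compile failure or another PCRE error; report the error code.
        return array('status' => 'error:' . $error, 'matches' => array());
    }
    return array(
        'status'  => $result ? 'match' : 'no_match',
        'matches' => $matches,
    );
}

// The pattern from the report's test script: 4027 nested capture groups.
$regex = '@';
for ($bar = 0; $bar < 4027; $bar++) {
    $regex .= '((?P<x' . $bar . '>))';
}
$regex .= 'fo+bar@';

$outcome = guarded_preg_match($regex, 'foobar');
echo $outcome['status'], "\n";
```

The printed status depends on the PCRE build: an engine that does not recurse through match() for this pattern, such as one using JIT, can still report a match.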