Edit report at https://bugs.php.net/bug.php?id=63913&edit=1

 ID:                 63913
 Updated by:         s...@php.net
 Reported by:        s...@php.net
 Summary:            Segfault on preg_replace with some weird conditions
-Status:             Feedback
+Status:             Closed
 Type:               Bug
 Package:            PCRE related
 Operating System:   Windows 7 x64
 PHP Version:        5.5.0alpha2
-Assigned To:        
+Assigned To:        seld
 Block user comment: N
 Private report:     N

 New Comment:

The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

OK, the latest snap seems to work indeed, so I am closing this. I will try the 
next release for sure and hopefully once it trickles down to travis-ci we will 
have a green build again.


Previous Comments:
------------------------------------------------------------------------
[2013-01-08 13:58:27] a...@php.net

I've just taken the latest 5.5 snap 
http://windows.php.net/downloads/snaps/php-5.5/rcde53e7/ and ran your code 
against it - I see no segfaults with CLI. Could you please try this snap?

The trace is kind of a bit too short :) Maybe you'll have more luck using this 
guide? https://bugs.php.net/bugs-generating-backtrace-win32.php

------------------------------------------------------------------------
[2013-01-06 16:01:20] s...@php.net

Regarding the stack limit, I don't think so, for two reasons: 1) it works on 
5.4, 2) if you look at the code, I tried a very simple .* pattern and that seems 
to trigger a failure too. I tried to increase the pcre stuff to 10 million and it 
still fails.

As I said, I couldn't reduce it further; if I tweak the code too much it stops 
crashing, and I could not really pinpoint it to an exact line that makes it 
fail. All it does is preg_replace calls though, so I guess that's it.

Anyway here is the stack trace, not sure it's any help:

Full Call Stack

Function                             Arg 1     Arg 2     Arg 3     Arg 4     Source
ntdll!NtRaiseException+12            0094efa4  0094eff4  00000000  c0000005
ntdll!KiUserExceptionDispatcher+29   0094efa4  0094eff4  00000000  c0000005

Exception Information
PHP5TS!ZEND_DO_FCALL_COMMON_HELPER_SPEC+E7D
In php__PID__248__Date__01_06_2013__Time_04_57_23PM__236__Second_Chance_Exception_C0000005.dmp
the assembly instruction at php5ts!zend_do_fcall_common_helper_SPEC+e7d in 
c:\Users\seld\Apps\Server\PHP\php\php5ts.dll from The PHP Group has caused an 
access violation exception (0xC0000005) when trying to read from memory 
location 0x05f804c8 on thread 0

------------------------------------------------------------------------
[2013-01-06 10:15:54] paj...@php.net

Can you provide a full BT please? Debug symbols must be loaded or the symbol 
path.

Also I suspect the classic pcre stack limit crash issue here. Can you try to 
increase it using edit in and run the test again? If you could provide the 
simple pcre call, if it is actually a pcre crash.

------------------------------------------------------------------------
[2013-01-06 00:15:10] s...@php.net

Description:
------------
The composer test suite segfaults on 5.5 as you can see on 
https://travis-ci.org/composer/composer/jobs/3971664

I tried investigating on my machine and could not get to the bottom of it, so 
here are my findings, I hope someone else can reproduce and will have more of a 
clue than I do.

The weirdest thing is that *sometimes*, depending on the code changes I make to 
runme.php (see https://gist.github.com/7f465d4109d667a73984), it actually runs 
through fine, but most of the time it crashes. Then a bit later, if I try and do 
a similar change, it crashes again; either it's an intermittent system issue or 
something's very wrong. Since it also segfaults on travis I would assume the 
latter.

Note that tweaking the input to the preg_replace call (by removing bits and 
pieces of testcase.php) also tends to make it work sometimes. For example 
removing the "}" at line 15 makes it work for me.


Test script:
---------------
Run these commands:

git clone https://gist.github.com/7f465d4109d667a73984.git reproduce
cd reproduce/
php runme.php


Expected result:
----------------
With 5.4.8 VC9 TS I get the following:

$ php runme.php
string(8) "content:"
string(103) "<?php\n namespace Foo; class StripNoise { public function test() { 
return <<<A\nclass Fail23\n{\n}\nA\n; }
} "
string(4) "test"
string(2) "aa"
string(8) "starting"
string(4) "done"
bool(true)

Actual result:
--------------
With 5.5.0-alpha2 V9 TS I get this:

$ php runme.php
string(8) "content:"
string(103) "<?php
 namespace Foo; class StripNoise { public function test() { return <<<A
class Fail23
{
}
A
; } } "
string(4) "test"

--- then the process crashes and I get a crash window with the following details ---

Problem signature:
  Problem Event Name:   APPCRASH
  Application Name:     php.exe
  Application Version:  5.5.0.0
  Application Timestamp:        50d1254a
  Fault Module Name:    php5ts.dll
  Fault Module Version: 5.5.0.0
  Fault Module Timestamp:       50d13446
  Exception Code:       c0000005
  Exception Offset:     0004762d
  OS Version:   6.1.7601.2.1.0.256.1
  Locale ID:    4108
  Additional Information 1:     0a9e
  Additional Information 2:     0a9e372d3b4ad19135b953a78882e789
  Additional Information 3:     0a9e
  Additional Information 4:     0a9e372d3b4ad19135b953a78882e789



------------------------------------------------------------------------
