From:             pages at inrp dot fr
Operating system: Fedora Core 1 (Linux)
PHP version:      5.0.0b3 (beta3)
PHP Bug Type:     Reproducible crash
Bug description:  preg_match() crashes Apache on VERY SIMPLE pattern but large subject size

Description:
------------
After running the script below, /var/log/httpd/error_log says:

[Wed Jan 28 00:19:30 2004] [notice] child pid 13744 exit signal Segmentation fault (11)

It has been tested on 3 different systems:
- Red Hat 8.0 + Apache 2.0.40 + PHP 4.2.2
- Red Hat 9 + Apache 2.0.40 + PHP 4.2.2
- Fedora Core 1 + Apache 2.0.48 + 5.0.0b3

Some statistics:
- with pattern "/(a)*/", it crashes with a subject length > 13800
- with pattern "/((a))*/", it crashes with a subject length > 9200
- with pattern "/(((a)))*/", it crashes with a subject length > 6900
- with pattern "/((((a))))*/", it crashes with a subject length > 5600
- with pattern "/(((((a)))))*/", it crashes with a subject length > 4600
- with pattern "/((((((a))))))*/", it crashes with a subject length > 4000
- etc...

Reproduce code:
---------------
<?php
# This script crashes Apache:
$subject = str_repeat("a",13800);
preg_match("/(a)*/",$subject);
echo "OK";

# NB: The length of $subject (here 13800) may depend on
# your system. It seems to be related to the memory_limit
# directive (mine is 8M) but not in the way that
# one would expect (it doesn't seem to be something
# like "If I give more memory, then I need a larger
# subject to crash Apache").
# It doesn't crash if I use the pattern "/a*/" instead
# of "/(a)*/".
?>

Expected result:
----------------
No crash

Actual result:
--------------
Crash :-(

--
Edit bug report at http://bugs.php.net/?id=27070&edit=1
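
Added example (not part of the original report, and not PHP project code): one way to keep untrusted input from reaching preg_match() at the sizes listed above, and to turn engine failures into catchable errors. safe_preg_match() and MAX_SUBJECT_BYTES are hypothetical names and both numeric limits are assumed values; pcre.recursion_limit and preg_last_error() exist from PHP 5.2.0 on, so they are not available in the PHP versions named in the report.

```php
<?php
// Added example: defensive wrapper around preg_match() for untrusted input.
// safe_preg_match() and MAX_SUBJECT_BYTES are hypothetical names; the
// numeric limits below are assumptions to tune per deployment.

const MAX_SUBJECT_BYTES = 4000;

// Lower the engine's recursion budget so it reports an error before the
// process stack is exhausted (setting available from PHP 5.2.0 on).
ini_set('pcre.recursion_limit', '10000');

function safe_preg_match($pattern, $subject, &$matches = null)
{
    // Reject oversized subjects before the regex engine sees them.
    if (strlen($subject) > MAX_SUBJECT_BYTES) {
        throw new LengthException('subject exceeds ' . MAX_SUBJECT_BYTES . ' bytes');
    }

    $result = preg_match($pattern, $subject, $matches);

    // preg_match() returns false when the engine gives up or the pattern
    // is invalid; preg_last_error() holds the PREG_*_ERROR code.
    if ($result === false) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $result === 1;
}

// Constructed sample input, same shape as the report's reproduce script.
$subject = str_repeat('a', 13800);

try {
    safe_preg_match('/(a)*/', $subject);
} catch (LengthException $e) {
    // The oversized subject is refused before any matching is attempted.
    echo 'rejected: ', $e->getMessage(), "\n";
}

// The report notes that "/a*/" does not crash where "/(a)*/" does: when the
// captured text is not needed, drop the group (or use a non-capturing one).
var_dump(safe_preg_match('/a*/', str_repeat('a', MAX_SUBJECT_BYTES)));
```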