#27525 [NEW]: preg_match segfaults on certain patterns involving lookahead assertions

Mon, 08 Mar 2004 00:17:06 -0800 

From:             valvatne at pvv dot org
Operating system: RedHat Linux 9 - Kernel 2.4.20-8
PHP version:      4CVS-2004-03-08 (stable)
PHP Bug Type:     Reproducible crash
Bug description:  preg_match segfaults on certain patterns involving lookahead 
assertions

Description:
------------
PHP segfaults when running preg_match() with a simple pattern intended to
match any sequence of characters which are not followed by a given
character (lookahead assertion). The segfault only happens if the string
being matched approaches 10k characters in length, but at that point it
seems to be 100% reproducible.



Config line:

./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql
--with-pgsql --enable-sockets --enable-debug

Reproduce code:
---------------
$strlen = 10000;

$string = '';

for($i=0;$i<$strlen;$i++) {

    $string .= "a";

}

$pattern = '/(.(?!b))*/';

echo preg_match($pattern, $string);

Expected result:
----------------
1

Actual result:
--------------
Segmentation fault. I can't seem to get gdb to behave right now, so if
someone else could reproduce the bug and post a backtrace, that would be
nice.

-- 
Edit bug report at http://bugs.php.net/?id=27525&edit=1
-- 
Try a CVS snapshot (php4):  http://bugs.php.net/fix.php?id=27525&r=trysnapshot4
Try a CVS snapshot (php5):  http://bugs.php.net/fix.php?id=27525&r=trysnapshot5
Fixed in CVS:               http://bugs.php.net/fix.php?id=27525&r=fixedcvs
Fixed in release:           http://bugs.php.net/fix.php?id=27525&r=alreadyfixed
Need backtrace:             http://bugs.php.net/fix.php?id=27525&r=needtrace
Need Reproduce Script:      http://bugs.php.net/fix.php?id=27525&r=needscript
Try newer version:          http://bugs.php.net/fix.php?id=27525&r=oldversion
Not developer issue:        http://bugs.php.net/fix.php?id=27525&r=support
Expected behavior:          http://bugs.php.net/fix.php?id=27525&r=notwrong
Not enough info:            http://bugs.php.net/fix.php?id=27525&r=notenoughinfo
Submitted twice:            http://bugs.php.net/fix.php?id=27525&r=submittedtwice
register_globals:           http://bugs.php.net/fix.php?id=27525&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=27525&r=php3
Daylight Savings:           http://bugs.php.net/fix.php?id=27525&r=dst
IIS Stability:              http://bugs.php.net/fix.php?id=27525&r=isapi
Install GNU Sed:            http://bugs.php.net/fix.php?id=27525&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=27525&r=float

Reply via email to