ID: 28461 User updated by: xanthor at xanthor dot tk Reported By: xanthor at xanthor dot tk Status: Open Bug Type: PCRE related Operating System: Linux, WindowsXP© -PHP Version: 4.3.8 +PHP Version: 4.3.8; 4.3.9RC1, 5.0.1 New Comment:
Updating version : I've found an other expression which segfaults also PHP 5 : preg_match("/^((?<!a).)*/",str_repeat('b',21236),$z); Previous Comments: ------------------------------------------------------------------------ [2004-07-19 11:11:33] xanthor at xanthor dot tk The bug is still here with PHP 4.3.8 ------------------------------------------------------------------------ [2004-05-21 11:17:44] xanthor at xanthor dot tk No it isn't fixed : with 2236+3 chars it works, but when we increase this number we manage to have an other segmentation fault. (The new limit seems to be 2247+3) ------------------------------------------------------------------------ [2004-05-21 01:13:19] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip ------------------------------------------------------------------------ [2004-05-20 22:15:47] xanthor at xanthor dot tk Description: ------------ This line crash PHP with a segmentation fault. It use a 3-chars-long back reference, on a 2236+3 chars-long string If the back references is only 2 chars long, it's ok. If the long string is less that 2236+3 chars, it's ok too... Reproduce code: --------------- preg_match("/(((?<!aaa).)*)(?<!aaa)aaa/",str_repeat(' ',2236).'aaa',$z); Expected result: ---------------- No crash, and true return by the preg_match Actual result: -------------- segmentation fault ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=28461&edit=1