ID: 28461 Updated by: [EMAIL PROTECTED] Reported By: xanthor at xanthor dot tk Status: Open Bug Type: PCRE related Operating System: Linux, WindowsXP© PHP Version: 4.3.9, 4.3.10RC2, 5.0.2 New Comment:
This is the standard "PCRE uses on-stack recursion" bug which has been filed and closed umpteen times. To reproduce just increase the length of the string until exhausts your stack space. One way PHP could mitigate the issue is to to set the match_limit field in the pcre_extra structure which puts a limit on the depth of the stack recursion. Previous Comments: ------------------------------------------------------------------------ [2004-12-09 14:13:26] xanthor at xanthor dot tk Still segfault with PHP 4.3.10RC2 and PCRE Library Version 4.5 01-December-2003 ------------------------------------------------------------------------ [2004-12-06 16:17:35] [EMAIL PROTECTED] Can't reproduce with any of dev versions (tried latest 4.3.10-dev, 5.1.0-dev & 5.0.3-dev under Linux). Please, try latest snapshots and tell me what version of pcre you're using (mine is 3.9) if you're still able to reproduce it. ------------------------------------------------------------------------ [2004-09-28 10:41:22] xanthor at xanthor dot tk The regexs still crash PHP 4.3.9 and PHP 5.0.2 ------------------------------------------------------------------------ [2004-09-16 15:50:47] [EMAIL PROTECTED] your last regex crashes PHP 5 also. The segfault isn't in PHP but in pcre (this is quite normal due to the NFA nature of pcre). ------------------------------------------------------------------------ [2004-09-10 17:01:41] hewei at ied dot org dot cn preg_match("/(((?<!aaa).)*)(?<!aaa)aaa/",str_repeat(' ',10882).'aaa',$z); crashes PHP4.3.9RC2 But not on php-4.3.2-11.1.ent (WBEL 3.0), the length to trigger segmentation fault is about 19230. The most funny thing is that the more closer to the limit, the more likely you will get a random segmentation fault. Not only the above pattern will cause the error, preg_match("/^( )*$/",str_repeat(' ',19250)); will too. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/28461 -- Edit this bug report at http://bugs.php.net/?id=28461&edit=1