From: freebsd at akruijff dot dds dot nl
Operating system: FreeBSD
PHP version: 5.1.2
PHP Bug Type: PCRE related
Bug description: preg_replace crashes apache22 when given a large input and a
lazy regex
Description:
------------
The preg_replace instruction I've writen should remove everything betwain
[!-- and --]. This can include newlines.
The code use to run just fine until i upgraded from apache20 to apache22
this month. So I am not sure whether this is a php bug or apache22 bug.
When this code is run then apache22 reports:
[Mon Jan 30 03:07:16 2006] [notice] child pid 2921 exit signal Illegal
instruction (4)
I've bin able to avoid a crash by reducing the input a lot (aprox 80%) or
changing regex from \[!--(.|\n)*?--\] to \[!--(.*|\n)*?--\].
Reproduce code:
---------------
<?php
$output = "[!--\n[table class=\"bigtext\"]\n[thead]\n[tr][td
align='center' colspan='3'][b]Overview firewall
rules[/b][/td][/tr]\n[tr][td]Start rule number[/td][td]Stop rule
numer[/td][td]Purpose[/td][/tr]\n[/thead]\n[tbody]\n[tr][td
align='center']100[/td][td align='center']199[/td][td]Count or allow
traffic on the
NICs[/td][/tr]\n[tr][td][br][/td][td][br][/td][td][br][/td][/tr]\n[tr][td
align='center']1000[/td][td align='center']1999[/td][td][b]Early
allow[/b][/td][/tr]\n[tr][td align='center']1000[/td][td
align='center']1099[/td][td]Allow local traffic[/td][/tr]\n[tr][td
align='center']1300[/td][td align='center']1399[/td][td]Allow local
services and deny
alternatives[/td][/tr]\n[tr][td][br][/td][td][br][/td][td][br][/td][/tr]\n[tr][td
align='center']2000[/td][td align='center']2999[/td][td][b]Early deny /
reject[/b][/td][/tr]\n[tr][td align='center']2000[/td][td
align='center']2099[/td][td]Deny spoofing[/td][/tr]\n[tr][td
align='center']2100[/td][td align='center']2199[/td][td]Blocked hosts by
portsentry (thirth part application)[/td][/tr]\n[tr][td
align='center']2200[/td][td align='center']2499[/td][td]Blocklist (written
by a one of my scripts)[/td][/tr]\n[tr][td align='center']2900[/td][td
align='center']2999[/td][td]Tempory block (intented until ipa is
run)[/td][/tr]\n[tr][td][br][/td][td][br][/td][td][br][/td][/tr]\n[tr][td
align='center']3000[/td][td align='center']3999[/td][td][b]Network Address
Transtion + Dummynet[/b][/td][/tr]\n[tr][td align='center']3000[/td][td
align='center']3099[/td][td]Selecting traffic shaping and natd
traffic[/td][/tr]\n[tr][td align='center']3100[/td][td
align='center']3199[/td][td]Traffic shaping up[/td][/tr]\n[tr][td
align='center']3200[/td][td align='center']3299[/td][td]Passing though
natd[/td][/tr]\n[tr][td align='center']3300[/td][td
align='center']3399[/td][td]Traffic shaping down (for natd
traffic)[/td][/tr]\n[tr][td align='center']3400[/td][td
align='center']3499[/td][td]Traffic shaping down (for non-natd
traffic)[/td][/tr]\n[tr][td][br][/td][td][br][/td][td][br][/td][/tr]\n[tr][td
align='center']4000[/td][td align='center']4999[/td][td][b]Selection for
skipto 5xxxx[/b][/td][/tr]\n[tr][td align='center']4000[/td][td
align='center']4099 [/td][td]Skipto 5x000 traffic based on IP
number[/td][/tr]\n[tr][td align='center']4100[/td][td
align='center']4199[/td][td]Skipto 5x000 traffic based on account
information[/td][/tr]\n[tr][td align='center']4600[/td][td
align='center']4699[/td][td]STATEFUL Firewall[/td][/tr]\n[tr][td
align='center']4900[/td][td align='center']4999[/td][td]Deny everything
else[/td][/tr]\n[tr][td][br][/td][td][br][/td][td][br][/td][/tr]\n[tr][td
align='center']50000[/td][td align='center']59999[/td][td][b]Count traffic
for a user (IP or account)[/b][/td][/tr]\n[tr][td
align='center']5x000[/td][td align='center'5x999[/td][td]Selecting out or
in[/td][/tr]\n[tr][td align='center']5x100[/td][td
align='center']5x499[/td][td]Counting traffic out[/td][/tr]\n[tr][td
align='center']5x600[/td][td align='center']5x999[/td][td]Counting traffic
in[/td][/tr]\n[/tbody]\n[/table]\n --]\n";
$output = preg_replace('/\[!--(.|\n)*?--\]/', '', $output);
echo 'output="'.$output.'"';
?>
--
Edit bug report at http://bugs.php.net/?id=36203&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=36203&r=trysnapshot44
Try a CVS snapshot (PHP 5.1):
http://bugs.php.net/fix.php?id=36203&r=trysnapshot51
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=36203&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=36203&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=36203&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=36203&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=36203&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=36203&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=36203&r=support
Expected behavior: http://bugs.php.net/fix.php?id=36203&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=36203&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=36203&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=36203&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=36203&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=36203&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=36203&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=36203&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=36203&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=36203&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=36203&r=mysqlcfg
