ID:               36267
 Updated by:       [EMAIL PROTECTED]
 Reported By:      mikeb at tracersinfo dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         PCRE related
 Operating System: Linux
 PHP Version:      5.1.2
 New Comment:

Oops, sorry.


Previous Comments:
------------------------------------------------------------------------

[2006-02-02 23:00:07] [EMAIL PROTECTED]

I still can't get the reproduce script, but this seems to be the
well-known PCRE stack overflow problem. Maybe Windows is giving the process
more stack than your Linux machines, thus PHP doesn't segfault there.

------------------------------------------------------------------------

[2006-02-02 22:58:36] [EMAIL PROTECTED]

So it looks like you found another problem in PCRElib.
Please report it to the author of PCRE: http://pcre.org
Thanks.

------------------------------------------------------------------------

[2006-02-02 22:25:32] mikeb at tracersinfo dot com

I recompiled PHP 5.1.2 with --enable-debug added to my config options
on my home machine from the available sources on your site.  Despite
this, I wasn't able to get a core file as described in your
documentation on backtrace.  However, running the CLI under gdb, I did
get the following:

-------------------------------------

(gdb) run testpregfault2.txt
Starting program: /usr/local/bin/php testpregfault2.txt
[Thread debugging using libthread_db enabled]
[New Thread -1215732032 (LWP 18908)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1215732032 (LWP 18908)]
0x080a293c in match (
    eptr=0x85f480f "vv wwwww xxxxx yyyyy zzzzz\naaaaa bbbbb ccccc ddddd
eeeee fffff ggggg <hhh> iiiii jjjjj kkkkk lllll mmmmm\nnnnnn ooooo ppppp
qqqqq rrrrr sssss ttttt uuuuu vvvvv wwwww xxxxx yyyyy zzzzz\naaaaa bbbbb
ccccc"...,
    ecode=0x858121a "\027<A", offset_top=2, md=0xbfb7d274, ims=5,
    eptrb=0xbf3803d0, flags=2)
    at /home/mikeb/src/php-5.1.2/ext/pcre/pcrelib/pcre_exec.c:357
357     {

--------------------------------------

Attempts to bt from here yielded thousands (I killed it sometime after
5000) frames similar to:

---------------------------------------

#5835 0x080a67bd in match (
    eptr=0x85f3145 "llll mmmmm\nnnnnn ooooo ppppp qqqqq rrrrr sssss
ttttt uuuuu vvvvv wwwww xxxxx yyyyy zzzzz\naaaaa bbbbb ccccc ddddd
eeeee fffff ggggg <hhh> iiiii jjjjj kkkkk lllll mmmmm\nnnnnn ooooo
ppppp qqqqq rrrrr sss"...,
    ecode=0x8581217 "J", offset_top=2, md=0xbfb7d274, ims=5,
eptrb=0xbf726970,
    flags=Variable "flags" is not available.
) at /home/mikeb/src/php-5.1.2/ext/pcre/pcrelib/pcre_exec.c:975

--------------------------------

with the subject string growing one character at a time to the left
(next was 'lllll', etc.)

The final commands listed at the bottom of your "generating a gdb
backtrace" page yielded the following results:

----------------------------

(gdb) print (char
*)(executor_globals.function_state_ptr->function)->common.function_name
$1 = 0x8372d23 "preg_replace"
(gdb) print (char *)executor_globals.active_op_array->function_name
$2 = 0x0
(gdb) print (char *)executor_globals.active_op_array->filename
$3 = 0x8584bfc "/home/mikeb/temp/testpregfault2.txt"

-----------------------------------------

I'll be happy to do anything I can to give you more information on
this, but there's no telling how many more thousands of match() frames
there were, and it seems pretty clear that the last execute() was
preg_replace.

Frankly, I'm most puzzled by the fact that this works properly on every
Windows machine I've tried it on, and fails consistently identically on
at least three separately-compiled Linux machines.

Thanks for your help.

Mike

------------------------------------------------------------------------

[2006-02-02 21:18:48] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

This is all I can get with valgrind and I can't reproduce the segfault
without it.

==3882== Process terminating with default action of signal 11
(SIGSEGV)
==3882==  Access not within mapped region at address 0xBE7FFF24
==3882==    at 0x806D2FD: match (pcre_exec.c:517)
==3882== Stack overflow in thread 1: can't grow stack to 0xBE7FFEAC

------------------------------------------------------------------------

[2006-02-02 21:15:49] [EMAIL PROTECTED]

The URL you refer to above doesn't work (error 403). Please change the
permissions.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/36267

-- 
Edit this bug report at http://bugs.php.net/?id=36267&edit=1
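
Added example (not part of the original report, and not PHP or PCRE code): a small Python triage helper that reads a gdb backtrace and a valgrind log shaped like those quoted above and reports whether the crash is stack exhaustion caused by runaway recursion in one function, such as match(). The sample backtrace, its `pcre_exec` and `main` caller frames, and the 1000-frame threshold are constructed assumptions.

```python
import re
from itertools import groupby

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?([\w:~]+) \(", re.M)
VALGRIND_RE = re.compile(r"Stack overflow in thread \d+")

def parse_frames(bt_text):
    # Only lines starting with "#N" are frame headers, so gdb's wrapped
    # argument lines (eptr=..., ecode=...) are ignored.
    return [m.group(2) for m in FRAME_RE.finditer(bt_text)]

def longest_run(funcs):
    # Returns (name, length, index just past the run) for the longest
    # stretch of consecutive frames in the same function.
    best, pos = ("", 0, 0), 0
    for name, grp in groupby(funcs):
        n = sum(1 for _ in grp)
        pos += n
        if n > best[1]:
            best = (name, n, pos)
    return best

def triage(bt_text, tool_log="", min_depth=1000):
    funcs = parse_frames(bt_text)
    name, depth, end = longest_run(funcs)
    recursive = depth >= min_depth  # min_depth is an assumed threshold
    if recursive:
        verdict = "stack exhaustion (runaway recursion)"
    elif VALGRIND_RE.search(tool_log):
        verdict = "stack exhaustion"
    else:
        verdict = "needs manual review"
    # The frame right after the run is the caller that started the recursion;
    # it is None when the backtrace was cut short before reaching it.
    caller = funcs[end] if recursive and end < len(funcs) else None
    return {"frames": len(funcs), "function": name if recursive else None,
            "depth": depth, "caller": caller, "verdict": verdict}

def _frame(i, func, loc):  # constructed frame in gdb's wrapped layout
    return f"#{i}  0x080a67bd in {func} (\n    arg=0x0) at {loc}"

# Constructed sample input, shaped like the output quoted in the report.
SAMPLE_BT = "\n".join(
    [_frame(i, "match", "pcre_exec.c:975") for i in range(5836)]
    + [_frame(5836, "pcre_exec", "pcre_exec.c:0"), _frame(5837, "main", "main.c:0")])
SAMPLE_VALGRIND = "==3882== Stack overflow in thread 1: can't grow stack to 0xBE7FFEAC"

if __name__ == "__main__":
    print(triage(SAMPLE_BT, SAMPLE_VALGRIND))
```

The helper only detects direct self-recursion; a cycle through several functions would need the run detection extended to repeating frame sequences.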
