From: php at vicaya dot com Operating system: Linux/amd64 PHP version: 5.2.0 PHP Bug Type: PCRE related Bug description: preg_match/replace segfaults on certain user data.
Description: ------------ Both PHP 5.2.0 (pcre 6.7) and 5.1.6 (pcre 6.6) have this problem: A working pattern segfaults on certain user data. Could be stack overflow in pcre_exec/match. This patterns is almost straight from the documentation: /\{(?:(?>[^{}]+)|(?R))+\}/Us Basically to match nested {} (instead of parentheses) I found a simple workaround to the particular problem I have, but the code should not segfault. Note if you change the 12000 in the code to anything less than 8158, it will produce the correct result. Reproduce code: --------------- <?= preg_match('/{(?:(?>[^{}]+)|(?R))+}/Us', '{open'. str_repeat('.', 12000) .'{open}'), "\n"?> Expected result: ---------------- 1 Actual result: -------------- Segmentation fault -- Edit bug report at http://bugs.php.net/?id=39387&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=39387&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=39387&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=39387&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=39387&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=39387&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=39387&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=39387&r=needscript Try newer version: http://bugs.php.net/fix.php?id=39387&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=39387&r=support Expected behavior: http://bugs.php.net/fix.php?id=39387&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=39387&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=39387&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=39387&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=39387&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=39387&r=dst IIS Stability: http://bugs.php.net/fix.php?id=39387&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=39387&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=39387&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=39387&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=39387&r=mysqlcfg