#39349 [Fbk->Opn]: Core dump on preg_replace

[nikolas dot hagelstein at gmail dot com]

 ID:               39349
 User updated by:  nikolas dot hagelstein at gmail dot com
 Reported By:      nikolas dot hagelstein at gmail dot com
-Status:           Feedback
+Status:           Open
 Bug Type:         Reproducible crash
 Operating System: Netbsd 3.0.1
 PHP Version:      5.2.0
 New Comment:

seems to work with ulimit is there any other solution beside
recompiling it using the named flag? i mean running out of stack may
happen on any system regardless of its default ulimits.


Previous Comments:
------------------------------------------------------------------------

[2006-11-07 14:48:39] [EMAIL PROTECTED]

You probably run out of stack.

You can try increasing your stack size and trying again on the command
line with:

uname -s 16384

for example. If that's what your problem is you can compile an external
PCRE that will not use stack but heap (and be slower in the process).
You can do that by compiling PCRE using --disable-stack-for-recursion
option.


------------------------------------------------------------------------

[2006-11-03 13:03:32] nikolas dot hagelstein at gmail dot com

I was able to narrow down the problem to the following it seems to be
size/overflow related:
<?
$out=<<<EOT
{abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqr
}
EOT;
$out=preg_replace("/\n/","",$out);
$out=preg_replace("/\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}/","",$out);
?>

This Coredumps but if i reduce the string by one char (ie the 'r') it
stops coredumping.

------------------------------------------------------------------------

[2006-11-02 21:14:29] nikolas dot hagelstein at gmail dot com

Description:
------------
Passing large text to the beyond mentioned regexp makes php core dump

Reproduce code:
---------------
$out=preg_replace("/\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}/","",$out);

Where $out is  <content xml:space="preserve">  of
http://en.wikipedia.org/w/query.php?what=content&titles=moon

Probably related to some libc issues.





------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=39349&edit=1