ID: 39349
Updated by: [EMAIL PROTECTED]
Reported By: nikolas dot hagelstein at gmail dot com
Status: Assigned
Bug Type: PCRE related
Operating System: Netbsd 3.0.1
PHP Version: 5.2.0
Assigned To: andrei
New Comment:
Yes, endless recursion most likely results in a segfault and this is
expected.
Previous Comments:
------------------------------------------------------------------------
[2006-11-12 15:15:26] nikolas dot hagelstein at gmail dot com
This seems to be stack overflow related in general:
<?php
class Foo {
function do_something() {
global $x,$i;
$i++;
echo $i."\n";
$x->do_something();
}
}
$i=0;
$x = new Foo();
$x ->do_something();
?>
Endless recursion results in stack overflow which throws a segmentation
fault. Probably libc os related.
------------------------------------------------------------------------
[2006-11-08 20:44:14] nikolas dot hagelstein at gmail dot com
seems to work with ulimit is there any other solution beside
recompiling it using the named flag? i mean running out of stack may
happen on any system regardless of its default ulimits.
------------------------------------------------------------------------
[2006-11-07 14:48:39] [EMAIL PROTECTED]
You probably run out of stack.
You can try increasing your stack size and trying again on the command
line with:
uname -s 16384
for example. If that's what your problem is you can compile an external
PCRE that will not use stack but heap (and be slower in the process).
You can do that by compiling PCRE using --disable-stack-for-recursion
option.
------------------------------------------------------------------------
[2006-11-03 13:03:32] nikolas dot hagelstein at gmail dot com
I was able to narrow down the problem to the following it seems to be
size/overflow related:
<?
$out=<<<EOT
{abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqr
}
EOT;
$out=preg_replace("/\n/","",$out);
$out=preg_replace("/\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}/","",$out);
?>
This Coredumps but if i reduce the string by one char (ie the 'r') it
stops coredumping.
------------------------------------------------------------------------
[2006-11-02 21:14:29] nikolas dot hagelstein at gmail dot com
Description:
------------
Passing large text to the beyond mentioned regexp makes php core dump
Reproduce code:
---------------
$out=preg_replace("/\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}/","",$out);
Where $out is <content xml:space="preserve"> of
http://en.wikipedia.org/w/query.php?what=content&titles=moon
Probably related to some libc issues.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=39349&edit=1
