#39349 [Asn->Bgs]: Core dump on preg_replace

Fri, 01 Dec 2006 12:25:21 -0800 

 ID:               39349
 Updated by:       [EMAIL PROTECTED]
 Reported By:      nikolas dot hagelstein at gmail dot com
-Status:           Assigned
+Status:           Bogus
 Bug Type:         PCRE related
 Operating System: Netbsd 3.0.1
 PHP Version:      5.2.0
 Assigned To:      andrei
 New Comment:

no bug here. just a stack overflow, which is avoidable by tweaking the
new ini options and/or increasing the stack size.


Previous Comments:
------------------------------------------------------------------------

[2006-11-12 19:03:04] [EMAIL PROTECTED]

Yes, endless recursion most likely results in a segfault and this is
expected.

------------------------------------------------------------------------

[2006-11-12 15:15:26] nikolas dot hagelstein at gmail dot com

This seems to be stack overflow related in general:
<?php

class Foo {
        function do_something() {
                global $x,$i;           
                $i++;
                echo $i."\n";
                $x->do_something();             
        }
}
$i=0;
$x = new Foo();
$x ->do_something();
?>

Endless recursion results in stack overflow which throws a segmentation
fault. Probably libc os related.

------------------------------------------------------------------------

[2006-11-08 20:44:14] nikolas dot hagelstein at gmail dot com

seems to work with ulimit is there any other solution beside
recompiling it using the named flag? i mean running out of stack may
happen on any system regardless of its default ulimits.

------------------------------------------------------------------------

[2006-11-07 14:48:39] [EMAIL PROTECTED]

You probably run out of stack.

You can try increasing your stack size and trying again on the command
line with:

uname -s 16384

for example. If that's what your problem is you can compile an external
PCRE that will not use stack but heap (and be slower in the process).
You can do that by compiling PCRE using --disable-stack-for-recursion
option.


------------------------------------------------------------------------

[2006-11-03 13:03:32] nikolas dot hagelstein at gmail dot com

I was able to narrow down the problem to the following it seems to be
size/overflow related:
<?
$out=<<<EOT
{abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy
abcdefghijklmnopqrstuvwxyabcdefghijklmnopqr
}
EOT;
$out=preg_replace("/\n/","",$out);
$out=preg_replace("/\{(?:[^{}]|\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\})*\}/","",$out);
?>

This Coredumps but if i reduce the string by one char (ie the 'r') it
stops coredumping.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/39349

-- 
Edit this bug report at http://bugs.php.net/?id=39349&edit=1

Reply via email to