#40909 [Opn->Bgs]: Segmentation Fault with preg_match_all

tony2001 Mon, 26 Mar 2007 02:07:44 -0800

 ID:               40909
 Updated by:       [EMAIL PROTECTED]
 Reported By:      adrynet at tiscali dot it
-Status:           Open
+Status:           Bogus
 Bug Type:         *Regular Expressions
 Operating System: Linux Fedora / Redhat / CentOS
 PHP Version:      4.4.6
 New Comment:


Yet another PCRE stack overflow.
We got new INI options in PHP5 in order to "limit" the appetite of
PCRE, though they do not really fix the problem in PCRE library, which
is known to overflow the stack on certain expressions and there are no
plans on adding these options to PHP4.


Previous Comments:
------------------------------------------------------------------------

[2007-03-25 22:36:10] judas dot iscariote at gmail dot com

reproducible with CVS 5_2 too.

 gdb --args ./sapi/cli/php ~/preg.php

(gdb) run
Starting program: /home/cristian/php5/sapi/cli/php
/home/cristian/preg.php
Program received signal SIGSEGV, Segmentation fault.
0x0000000000453d2d in match (eptr=Cannot access memory at address
0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
372     {
(gdb) bt full
#0  0x0000000000453d2d in match (eptr=Cannot access memory at address
0x7fff5c974b60
) at /home/cristian/php5/ext/pcre/pcrelib/pcre_exec.c:372
        rrc = Cannot access memory at address 0x7fff5c974c48
(gdb)

------------------------------------------------------------------------

[2007-03-24 17:46:21] adrynet at tiscali dot it

Description:
------------
Good morning,
executing preg_match_all() function with this Regular Expression causes
a PHP Segmentation Fault.

The following code works correctly both with previous versions of PHP
and PHP 5.2.1.

Thank you for support
Adriano C.

Reproduce code:
---------------
<?php
            
$pattern =
"/\s([\w_\.\/]+)(?:=([\'\"]?(?:[\w\d\s\?=\(\)\.,'_#\/\\:;&-]|(?:\\\\\"|\\\')?)+[\'\"]?))?/";
$context = "<simpletag an_attribute=\"simpleValueInside\">";

$match = array();

if ($result =preg_match_all($pattern, $context, $match))
{

var_dump($result);
}


?>

Expected result:
----------------
int(1)

Actual result:
--------------
Segmentation Fault


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=40909&edit=1

#40909 [Opn->Bgs]: Segmentation Fault with preg_match_all

Reply via email to