ID: 41165
User updated by: JimmyPaterson at gmx dot de
Reported By: JimmyPaterson at gmx dot de
-Status: Bogus
+Status: Open
Bug Type: Reproducible crash
Operating System: Fedora Core 6
PHP Version: 5CVS-2007-04-22 (snap)
New Comment:

My code however does the same thing example 1662 on http://de2.php.net/manual/en/function.preg-replace-callback.php does. So is that an infinite recursion as well? Why is there an example to infinite recursion if the actual depth of recursion is limited (to whatever depth) and why is there no notice on that matter :?x

thanks for helping,
joreji


Previous Comments:
------------------------------------------------------------------------

[2007-04-23 16:22:58] [EMAIL PROTECTED]

>Why is it expected to cause a stack overflow?
Why infinite loop is expected to cause stack overflow?
Because that's how stack works.

>It is not infinite after all
PCRE itself uses stack pretty hard. And it is infinite, yes.

------------------------------------------------------------------------

[2007-04-23 16:08:54] JimmyPaterson at gmx dot de

Why is it expected to cause a stack overflow? It is not infinite after all - I could "expect" a stack overflow with a hundred of recursive calls to preg_match_callback, but not with only 4 - at least not with memory_limit being 128MB.

------------------------------------------------------------------------

[2007-04-23 10:26:44] [EMAIL PROTECTED]

Infinite recursion - preg_replace_callback -> callback -> preg_replace_callback is expected to cause stack overflow.

------------------------------------------------------------------------

[2007-04-22 17:00:03] JimmyPaterson at gmx dot de

Description:
------------
Segmentation fault... and I have no idea why.

php.ini is the same as CVS snapshot php.ini-recommended with output_buffering = On instead of output_buffering = 4096.

PHP Configure line:
./configure --with-pic --disable-rpath --without-pear --with-bz2 --with-curl --with-exec-dir=/usr/bin --enable-gd-native-ttf --without-gdbm --with-gettext --with-gmp --with-iconv --with-openssl --with-png --with-zlib --with-layout=GNU --enable-exif --enable-ftp --enable-magic-quotes --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-track-vars --enable-trans-sid --enable-yp --enable-wddx --with-kerberos --enable-ucd-snmp-hack --enable-memory-limit --enable-shmop --enable-calendar --enable-dbx --enable-dio --with-mime-magic=/usr/share/file/magic --with-xml --with-apxs2=/usr/sbin/apxs --with-mysql --with-gd --prefix=/usr/local/php5 --enable-debug

Reproduce code:
---------------
Full code, stripped of any includes:
http://rafb.net/p/tSDfY786.html

Expected result:
----------------
<pre>
Header 1
Topic 11
Topic 12
Topic 13
Header 2
Topic 21
Topic 22
Topic 23
</pre>

Actual result:
--------------
[EMAIL PROTECTED] system]# gdb /usr/sbin/httpd
GNU gdb Red Hat Linux (6.5-15.fc6rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run -X
Starting program: /usr/sbin/httpd -X
(no debugging symbols found)
...
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1208940848 (LWP 11923)]
(no debugging symbols found)
...
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1208940848 (LWP 11923)]
(no debugging symbols found)
...
(no debugging symbols found)
[Sun Apr 22 18:51:10 2007] [warn] module php5_module is already loaded, skipping
httpd: Could not reliably determine the server's fully qualified domain name, using ::1 for ServerName

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208760624 (LWP 11884)]
0x0105fe9a in _zval_dtor (zvalue=0x5a5a5a5a, __zend_filename=0x13ebe2c "/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c", __zend_lineno=1328) at /usr/local/src/php5.2-200704221230/Zend/zend_variables.h:32
32 if (zvalue->type <= IS_BOOL) {
(gdb) bt
#0 0x0105fe9a in _zval_dtor (zvalue=0x5a5a5a5a, __zend_filename=0x13ebe2c "/usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c", __zend_lineno=1328) at /usr/local/src/php5.2-200704221230/Zend/zend_variables.h:32
#1 0x010628b8 in preg_replace_impl (ht=5, return_value=0x81be6f08, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=1 '\001') at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1328
#2 0x01062942 in zif_preg_replace_callback (ht=5, return_value=0x81be6f08, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#3 0x0138a4ae in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c41b0) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#4 0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf9c41b0) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#5 0x01389fa9 in execute (op_array=0x81bd3fd4) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#6 0x0138a674 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c4380) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#7 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf9c4380) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#8 0x01389fa9 in execute (op_array=0x81bd3ca4) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#9 0x01353d58 in zend_call_function (fci=0xbf9c4560, fci_cache=0x0) at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:970
#10 0x013525ed in call_user_function_ex (function_table=0x8192ef00, object_pp=0x0, function_name=0x81be5fb4, retval_ptr_ptr=0xbf9c45c4, param_count=1, params=0xbf9c45c0, no_separation=0, symbol_table=0x0) at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:602
#11 0x010606ab in preg_do_repl_func (function=0x81be5fb4, subject=0x81be60e8 "{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t", offsets=0x81be5df0, count=3, result=0xbf9c4620) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:808
#12 0x01061432 in php_pcre_replace_impl (pce=0x81ca5648, subject=0x81be60e8 "{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t", subject_len=159, replace_val=0x81be5fb4, is_callable_replace=1, result_len=0xbf9c47c0, limit=-1, replace_count=0xbf9c47b0) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1031
#13 0x010610bb in php_pcre_replace ( regex=0x81be5ee0 "/<!--\\{\\{\\{block\\:\\s*([a-z_][a-z0-9_\\.]*)\\s*\\}\\}\\}-->\\s*((?R)|.*)\\s*<!--\\{\\{\\{\\/block\\:\\s*\\1\\s*\\}\\}\\}-->/is", regex_len=107, subject=0x81be60e8 "{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t", subject_len=159, replace_val=0x81be5fb4, is_callable_replace=1, result_len=0xbf9c47c0, limit=-1, replace_count=0xbf9c47b0) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:930
#14 0x01061f04 in php_replace_in_subject (regex=0x81be5d10, replace=0x81be5fb4, subject=0x81baf1b8, result_len=0xbf9c47c0, limit=-1, is_callable_replace=1 '\001', replace_count=0xbf9c47b0) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1225
#15 0x01062866 in preg_replace_impl (ht=5, return_value=0x81be602c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=1 '\001') at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1323
#16 0x01062942 in zif_preg_replace_callback (ht=5, return_value=0x81be602c, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#17 0x0138a4ae in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c4c60) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#18 0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf9c4c60) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#19 0x01389fa9 in execute (op_array=0x81bd3fd4) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#20 0x0138a674 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c4e30) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#21 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf9c4e30) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#22 0x01389fa9 in execute (op_array=0x81bd3ca4) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#23 0x01353d58 in zend_call_function (fci=0xbf9c5010, fci_cache=0x0) at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:970
#24 0x013525ed in call_user_function_ex (function_table=0x8192ef00, object_pp=0x0, function_name=0x81be4fbc, retval_ptr_ptr=0xbf9c5074, param_count=1, params=0xbf9c5070, no_separation=0, symbol_table=0x0) at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:602
#25 0x010606ab in preg_do_repl_func (function=0x81be4fbc, subject=0x81be50f0 "<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t<!--{{{/block"..., offsets=0x81bbdfe4, count=3, result=0xbf9c50d0) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:808
#26 0x01061432 in php_pcre_replace_impl (pce=0x81ca5648, subject=0x81be50f0 "<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t<!--{{{/block"..., subject_len=212, replace_val=0x81be4fbc, is_callable_replace=1, result_len=0xbf9c5270, limit=-1, replace_count=0xbf9c5260) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1031
#27 0x010610bb in php_pcre_replace ( regex=0x81be4eac "/<!--\\{\\{\\{block\\:\\s*([a-z_][a-z0-9_\\.]*)\\s*\\}\\}\\}-->\\s*((?R)|.*)\\s*<!--\\{\\{\\{\\/block\\:\\s*\\1\\s*\\}\\}\\}-->/is", regex_len=107, subject=0x81be50f0 "<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/block:inner}}}-->\r\n\r\n\t<!--{{{/block"..., subject_len=212, replace_val=0x81be4fbc, is_callable_replace=1, result_len=0xbf9c5270, limit=-1, replace_count=0xbf9c5260) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:930
#28 0x01061f04 in php_replace_in_subject (regex=0x81be4d24, replace=0x81be4fbc, subject=0x81baf188, result_len=0xbf9c5270, limit=-1, is_callable_replace=1 '\001', replace_count=0xbf9c5260) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1225
#29 0x01062866 in preg_replace_impl (ht=5, return_value=0x81be5034, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=1 '\001') at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1323
#30 0x01062942 in zif_preg_replace_callback (ht=5, return_value=0x81be5034, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#31 0x0138a4ae in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c5710) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#32 0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf9c5710) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#33 0x01389fa9 in execute (op_array=0x81bd3fd4) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#34 0x0138a674 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c58e0) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#35 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf9c58e0) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#36 0x01389fa9 in execute (op_array=0x81bd3ca4) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#37 0x01353d58 in zend_call_function (fci=0xbf9c5ac0, fci_cache=0x0) at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:970
#38 0x013525ed in call_user_function_ex (function_table=0x8192ef00, object_pp=0x0, function_name=0x81be3f10, retval_ptr_ptr=0xbf9c5b24, param_count=1, params=0xbf9c5b20, no_separation=0, symbol_table=0x0) at /usr/local/src/php5.2-200704221230/Zend/zend_execute_API.c:602
#39 0x010606ab in preg_do_repl_func (function=0x81be3f10, subject=0x81be4044 "<!--{{{block:outermost}}}-->\r\n\t<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/bloc"..., offsets=0x81bbe1c4, count=3, result=0xbf9c5b80) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:808
#40 0x01061432 in php_pcre_replace_impl (pce=0x81ca5648, subject=0x81be4044 "<!--{{{block:outermost}}}-->\r\n\t<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/bloc"..., subject_len=278, replace_val=0x81be3f10, is_callable_replace=1, result_len=0xbf9c5d20, limit=-1, replace_count=0xbf9c5d10) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1031
#41 0x010610bb in php_pcre_replace ( regex=0x81bbd670 "/<!--\\{\\{\\{block\\:\\s*([a-z_][a-z0-9_\\.]*)\\s*\\}\\}\\}-->\\s*((?R)|.*)\\s*<!--\\{\\{\\{\\/block\\:\\s*\\1\\s*\\}\\}\\}-->/is", regex_len=107, subject=0x81be4044 "<!--{{{block:outermost}}}-->\r\n\t<!--{{{block:outer}}}-->\r\n\t\t{{{header}}}\r\n\t\t<!--{{{block:inner}}}-->\r\n\r\n\t\t\t{{{topic}}}\r\n\t\t\t<!--{{{block:innermost}}}-->\r\n\t\t\t<!--{{{/block:innermost}}}-->\r\n\t\t<!--{{{/bloc"..., subject_len=278, replace_val=0x81be3f10, is_callable_replace=1, result_len=0xbf9c5d20, limit=-1, replace_count=0xbf9c5d10) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:930
#42 0x01061f04 in php_replace_in_subject (regex=0x81be3cd4, replace=0x81be3f10, subject=0x81baf158, result_len=0xbf9c5d20, limit=-1, is_callable_replace=1 '\001', replace_count=0xbf9c5d10) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1225
#43 0x01062866 in preg_replace_impl (ht=5, return_value=0x81be3f88, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=1 '\001') at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1323
#44 0x01062942 in zif_preg_replace_callback (ht=5, return_value=0x81be3f88, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /usr/local/src/php5.2-200704221230/ext/pcre/php_pcre.c:1347
#45 0x0138a4ae in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c61c0) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:200
#46 0x013906bc in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xbf9c61c0) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:1681
#47 0x01389fa9 in execute (op_array=0x81bd3fd4) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#48 0x0138a674 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c6340) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#49 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf9c6340) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#50 0x01389fa9 in execute (op_array=0x81bd5570) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#51 0x0138a674 in zend_do_fcall_common_helper_SPEC (execute_data=0xbf9c6c70) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:234
#52 0x0138b297 in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0xbf9c6c70) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:322
#53 0x01389fa9 in execute (op_array=0x81bbb350) at /usr/local/src/php5.2-200704221230/Zend/zend_vm_execute.h:92
#54 0x01362499 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /usr/local/src/php5.2-200704221230/Zend/zend.c:1134
#55 0x01306b18 in php_execute_script (primary_file=0xbf9c8fb0) at /usr/local/src/php5.2-200704221230/main/main.c:1794
#56 0x013e4b0c in php_handler (r=0x81cccd50) at /usr/local/src/php5.2-200704221230/sapi/apache2handler/sapi_apache2.c:623
#57 0x8002494d in ap_run_handler () from /usr/sbin/httpd
#58 0x800282f8 in ap_invoke_handler () from /usr/sbin/httpd
#59 0x800342ee in ap_process_request () from /usr/sbin/httpd
#60 0x800310df in ap_register_input_filter () from /usr/sbin/httpd
#61 0x8002c80d in ap_run_process_connection () from /usr/sbin/httpd
#62 0x8002c90c in ap_process_connection () from /usr/sbin/httpd
#63 0x800388a2 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#64 0x80038b14 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#65 0x80039a29 in ap_mpm_run () from /usr/sbin/httpd
#66 0x800101b7 in main () from /usr/sbin/httpd

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=41165&edit=1
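
The call chain discussed in this report (preg_replace_callback -> callback -> preg_replace_callback), shown with an explicit nesting cap and a check of the PCRE return value. This is an added example, not the reporter's code (the paste linked under "Reproduce code" is not reproduced on this page). MAX_BLOCK_DEPTH, BLOCK_RE and expand_blocks() are hypothetical names, the pattern is simplified from the one visible in the backtrace, and both templates are constructed.

```php
<?php
const MAX_BLOCK_DEPTH = 16; // assumed cap on block nesting, chosen for the example

// Simplified from the pattern in the backtrace: the block body is a plain
// greedy (.*) and nesting is handled by re-entering from the callback.
const BLOCK_RE = '/<!--\{\{\{block:\s*([a-z_][a-z0-9_.]*)\s*\}\}\}-->(.*)'
               . '<!--\{\{\{\/block:\s*\1\s*\}\}\}-->/is';

function expand_blocks(string $tpl, int $depth = 0): string
{
    // Every nesting level stacks PHP call frames and PCRE frames on top of
    // each other, so refuse deep input before the stack has to absorb it.
    if ($depth > MAX_BLOCK_DEPTH) {
        throw new RuntimeException('block nesting deeper than ' . MAX_BLOCK_DEPTH);
    }

    $out = preg_replace_callback(
        BLOCK_RE,
        // Re-entrant call. $m[2] is strictly shorter than the whole match,
        // so the recursion terminates on its own for well-formed input.
        function (array $m) use ($depth): string {
            return expand_blocks(trim($m[2]), $depth + 1);
        },
        $tpl
    );

    // NULL signals a PCRE failure (for example a backtrack or recursion limit).
    if ($out === null) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $out;
}

// Constructed template with the four nesting levels seen in the backtrace.
$tpl = "<!--{{{block:outermost}}}-->\n<!--{{{block:outer}}}-->\n{{{header}}}\n"
     . "<!--{{{block:inner}}}-->\n{{{topic}}}\n"
     . "<!--{{{block:innermost}}}--><!--{{{/block:innermost}}}-->\n"
     . "<!--{{{/block:inner}}}-->\n<!--{{{/block:outer}}}-->\n"
     . "<!--{{{/block:outermost}}}-->";
echo expand_blocks($tpl), "\n";

// Constructed template nested 100 levels deep: rejected by the cap.
$deep = str_repeat('<!--{{{block:b}}}-->', 100) . 'x'
      . str_repeat('<!--{{{/block:b}}}-->', 100);
try {
    expand_blocks($deep);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```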
