ID:               45546
 Comment by:       joe at lastpass dot com
 Reported By:      kaiser at macbureau dot de
 Status:           No Feedback
 Bug Type:         PCRE related
 Operating System: FreeBSD 7
 PHP Version:      5.2.6
 New Comment:

Happens at somewhere between 3500 and 6400 characters on every Linux
platform I have access to (x86 and x86_64): 

PHP 5.2.6-3ubuntu2 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 13 2009
20:07:08)

PHP 5.2.6-2ubuntu4.1 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 11
2009 20:44:58) 

PHP 5.2.4-2ubuntu5.5 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 11
2009 20:09:11) 

PHP 5.2.6-3ubuntu2 with Suhosin-Patch 0.9.6.2 (cli) (built: Feb 13 2009
20:20:01)


Previous Comments:
------------------------------------------------------------------------

[2009-02-08 11:55:20] vanav at vanav dot com dot ua

Two gdb examples:

gdb66: Program received signal SIGSEGV, Segmentation fault.
match (
    eptr=0x29385a68 "3'\";\n$select[] = \"SELECT p1.id, nick,
p1.creation_date, p1.modification_date, p1.post_title, p1.post_text,
p1.parent_post_id, p2.post_title AS parent_post_title, p3.post_title AS
answer_parent_post_ti"..., ecode=0x28f160ed "\034\"T", 
    mstart=0x293854bc "<?php\n$select = array();\n$select[] = \"SELECT
uni_files.id, name, disk_filename, icon, size FROM uni_files INNER JOIN
uni_filetypes ON uni_files.filetype_id=uni_filetypes.id WHERE
post_id='167' AND blo"..., offset_top=4, md=0xbfbef000, ims=6,
eptrb=0x0, flags=0, 
    rdepth=1362) at
/usr/ports/lang/php5/work/php-5.2.8/ext/pcre/pcrelib/pcre_exec.c:580
580     prop_value = 0;

and

0x2863b28a in match (
    eptr=0x2940b64f "?&#1072;&#1052;202&#1052;214,
&#1076;&#1072;&#1078;&#1077;
&#1052;201&#1052;200&#1077;&#1076;&#1085;&#1077;&#1084;&#1052;203
&#1082;&#1083;&#1072;&#1052;201&#1052;201&#1052;203>, ?00\223
&#1079;&#1072;&#1052;217&#1074;&#1080;&#1083;
?232&#1052;203&#1085;&#1080;&#1052;206&#1052;213&#1085;.  
&#1076;&#1072;&#1078;&#1077;
&#1052;201&#1052;200&#1077;&#1076;&#1085;&#1077;&#1084;&#1052;203
&#1082;&#1083;&#1072;&#1052;201&#1052;201&#1052;203>, ?00\223
&#1079;&#1072;&#1052;217&#1074;&#1080;&#1083;
?232&#1052;203&#1085;&#1080;&#1052;206&#1052;213&#1085;. 
</p><p><?222&#1052;213 &#1079;&#1085;&#1072;&#1077;&#1052;202&#1077;,
&#1052;207&#1052;202&#1086; ?..., ecode=0x28ef03bb "\034'U", 
    mstart=0x2940b398 "'<p>?237&#1086;
&#1084;&#1085;&#1077;&#1085;&#1080;&#1052;216
?232&#1052;203&#1085;&#1080;&#1052;206&#1052;213&#1085;&#1072;,
&#1082;&#1052;200&#1052;213&#1084;&#1052;201&#1082;&#1080;&#1077;
&#1074;&#1083;&#1072;&#1052;201&#1052;202&#1080;
&#1076;&#1086;&#1083;&#1078;&#1085;&#1052;213
&#1076;&#1072;&#1052;202&#1052;214
&#1074;&#1086;&#1079;&#1084;&#1086;&#1078;&#1085;&#1086;&#1052;201&#1052;202&#1052;214
&#1052;201&#1052;200&#1077;&#1076;&#1085;&#1077;&#1084;&#1052;203
&#1082;&#1083;&#1072;&#1052;201&#1052;201&#1052;203
&#1082;&#1072;&#1087;&#1080;&#1052;202&#1072;&#1083;&#1080;&#1079;&#1080;&#1052;200&#1086;&#1074;&#1072;&#1052;202&#1052;214
&#1080;&#1052;205
&#1052;201&#1073;&#1077;&#1052;200&#1077;&#1078;&#1077;&#1085;?...,
offset_top=4, md=0xbfbf89d0, ims=0, eptrb=0xbfa006a0, flags=2,
rdepth=1388)
    at
/usr/ports/lang/php5/work/php-5.2.8/ext/pcre/pcrelib/pcre_exec.c:2160
2160    /usr/ports/lang/php5/work/php-5.2.8/ext/pcre/pcrelib/pcre_exec.c:
No such file or directory.
        in /usr/ports/lang/php5/work/php-5.2.8/ext/pcre/pcrelib/pcre_exec.c

------------------------------------------------------------------------

[2009-02-05 01:43:05] vanav at vanav dot com dot ua

Got the same bug, PHP 5.2.8/PCRE 7.8, Apache 2.2.11, Freebsd.

------------------------------------------------------------------------

[2009-01-27 12:37:10] keltia at gmail dot com

I have a similar problem after upgrading to PHP 5.2.8/PCRE 7.8 on a
FreeBSD 7.1/amd64. I'm trying to upgrade Gallery2 to 2.3 and the
installer fails with that error.
[Tue Jan 27 12:28:12 2009] [notice] child pid 92633 exit signal Illegal
instruction (4)

------------------------------------------------------------------------

[2009-01-27 02:16:43] jdw at wheelhouse dot org

We are also having this problem on FreeBSD 7 with Apache 1.3.  The 
stack trace is the same:

#0  0x286dcbc7 in match () from /usr/local/lib/libpcre.so.0
#1  0x286e3aba in match () from /usr/local/lib/libpcre.so.0
#2  0x286e3aba in match () from /usr/local/lib/libpcre.so.0
#3  0x286e469e in match () from /usr/local/lib/libpcre.so.0
#4  0x286dd629 in match () from /usr/local/lib/libpcre.so.0
#5  0x286e76c4 in pcre_exec () from /usr/local/lib/libpcre.so.0
#6  0x284b72fe in php_pcre_match_impl ()
   from /nfsn/apps/apache/libexec/libphp5.so
#7  0x284b7cac in php_do_pcre_match ()
   from /nfsn/apps/apache/libexec/libphp5.so
#8  0x285db1a8 in zend_do_fcall_common_helper_SPEC ()
   from /nfsn/apps/apache/libexec/libphp5.so
#9  0x285cca7f in execute () from /nfsn/apps/apache/libexec/libphp5.so
#10 0x28b2f0c2 in _su3jdmx ()
   from /nfsn/apps/php5/lib/php/extensions/no-debug-non-zts-20060613/ioncube_loader_fre_5.2.so
#11 0x2af863d8 in ?? ()
#12 0x29e80750 in ?? ()
#13 0x29e7f75c in ?? ()
#14 0x285dac0e in zend_do_fcall_common_helper_SPEC ()
   from /nfsn/apps/apache/libexec/libphp5.so

(This version was built with the FreeBSD PCRE instead of the builtin 
in case that helped; it didn't.)

In one case, a customer has to set pcre.backtrack_limit and 
pcre.recursion_limit to 10 to get a Wordpress RSS feed to load.

Are those considered "sane" values?  

Or is this getting ignored due to the incorrect "No Feedback" status?

------------------------------------------------------------------------

[2009-01-14 13:00:22] jdc at parodius dot com

I've built PHP 5.2.8 with debugging enabled, and ran the following
script under PHP via the CLI, under gdb:

<?php
$str = str_repeat('a', 1244);
// Pattern: well-formed UTF-8 byte sequences, repeated with ( ... )*
$utf8 = (preg_match("/^([\x09\x0A\x0D\x20-\x7E]|[\xC2-\xDF][\x80-\xBF]|\xE0[\xA0-\xBF][\x80-\xBF]|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}|\xED[\x80-\x9F][\x80-\xBF]|\xF0[\x90-\xBF][\x80-\xBF]{2}|[\xF1-\xF3][\x80-\xBF]{3}|\xF4[\x80-\x8F][\x80-\xBF]{2})*$/", $str)) ? "yes\n" : "no";
echo $utf8;
?>

It's important to note that if I change the str_repeat() length from
1244 to 1243, the segfault doesn't happen.  The system limits:

Resource limits (current):
  cputime          infinity secs
  filesize         infinity kB
  datasize           786432 kB
  stacksize          131072 kB
  coredumpsize     infinity kB
  memoryuse        infinity kB
  memorylocked     infinity kB
  maxprocesses         5547
  openfiles           11095
  sbsize           infinity bytes
  vmemoryuse       infinity kB

Anyway, the results of the gdb backtrace are here (~790KB file):

http://www.malkavian.com/~jdc/php.bug45546.backtrace.txt

Hope this helps.

------------------------------------------------------------------------
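
Added example (not part of the bug report and not PHP's own code): lowering pcre.recursion_limit, as discussed in the comments above, makes the match fail instead of crashing, so the caller has to check preg_last_error() or the failure is read as "no match". The function names, the limit of 1000 and the sample input are assumptions for illustration; mb_check_encoding() requires the mbstring extension.

```php
<?php
// Added example; function names and the limit value are assumptions.

// Cap recursion in PCRE's match() so deep nesting ends in an error code
// instead of exhausting the process stack. 1000 is an assumed value.
ini_set('pcre.recursion_limit', '1000');

// Hypothetical wrapper: true = match, false = no match, exception = PCRE gave up.
function safe_preg_match($pattern, $subject)
{
    $result = preg_match($pattern, $subject);
    $err = preg_last_error();
    // Check the error code as well as the return value, so a limit
    // error is never mistaken for an ordinary "no match".
    if ($result === false || $err !== PREG_NO_ERROR) {
        $names = array(
            PREG_INTERNAL_ERROR        => 'internal error',
            PREG_BACKTRACK_LIMIT_ERROR => 'pcre.backtrack_limit reached',
            PREG_RECURSION_LIMIT_ERROR => 'pcre.recursion_limit reached',
            PREG_BAD_UTF8_ERROR        => 'malformed UTF-8 subject',
        );
        $why = isset($names[$err]) ? $names[$err] : "error code $err";
        throw new RuntimeException("preg_match failed: $why");
    }
    return $result === 1;
}

// The script in the report validates UTF-8 with a repeated group.
// The same question can be answered without running a pattern at all.
function is_valid_utf8($str)
{
    return mb_check_encoding($str, 'UTF-8');
}

$subject = str_repeat('a', 100000); // constructed input
try {
    echo safe_preg_match('/^(a|b)*$/', $subject) ? "match\n" : "no match\n";
} catch (RuntimeException $e) {
    // Fail closed: treat the input as unvalidated rather than as a non-match.
    echo $e->getMessage(), "\n";
}
var_dump(is_valid_utf8($subject));
```
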

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/45546

-- 
Edit this bug report at http://bugs.php.net/?id=45546&edit=1
