#47907 [Bgs]: Segmentation fault during many preg_matches
ID: 47907
User updated by: tafkad at web dot de
Reported By: tafkad at web dot de
Status: Bogus
Bug Type: PCRE related
Operating System: Linux Debian Lenny
PHP Version: 5.2.9

New Comment:

Thank you, this seems to be the problem. I've tested it now with a larger size and it runs clean, but it helps not if the content that will be compiled is larger than yet. Is there any way to get actual stack size and the limit in php, I've nothing found about it. Because I must stop the script before it runs into a segfault.

Previous Comments:

[2009-04-10 15:07:33] nlop...@php.net

It doesn't crash for me. It seems you need to increase the stack size (with ulimit -s).

[2009-04-06 13:02:29] tafkad at web dot de

Description:
I use a class (phpcc) to transform a searchstring into an SQL where clause. If it has many options like brackets or operators or if it is a very long string, php ends in a segmentation fault. I've tested it with two php versions, 5.2.6 and 5.2.9. I use the cli version. I've created a test script with a for loop that generates a simple searchstatement with 2000 searchterms. If I run this script it crashes. When I decrease the amount of searchterms to 1000 it will run clean. GDB shows preg_match as last execute, that's why I think there must be an error. The script uses a very huge amount of memory (I've configured php.ini with 1024M).

php.ini changes from against default(debian)
max_execution_time = 3 ; 30 ; Maximum execution time of each script, in seconds
max_input_time = 6 ; 60 ; Maximum amount of time each script may spend parsing request data
;max_input_nesting_level = 64 ; Maximum input variable nesting level
memory_limit = 1024M ; 32M ; Maximum amount of memory a script may consume (32MB)

Active modules (php -m)
[PHP Modules]
bcmath,bz2,calendar,ctype,curl,date,dba,dbase,dom,exif,ffmpeg,filter,ftp,gd,gettext,hash,iconv,json,libxml,mbstring,mime_magic,mysql,mysqli,ncurses,openssl,pcntl,pcre,PDO,pdo_mysql,posix,readline,Reflection,session,shmop,SimpleXML,soap,sockets,SPL,standard,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,wddx,xml,xmlreader,xmlwriter,zip,zlib

Reproduce code:
---
Code is too long. Under http://paste.root-zone.info/debug.tar.gz is a dir with the class and a testscript.

Expected result:
Before the script can finish, php crashes.

Actual result:
--
#23 0x004783db in match (eptr=0x0, ecode=0x107108e8 "'TESTSTR1160' or OR_ID = 'TESTSTR1161' or OR_ID = 'TESTSTR1162' or OR_ID = 'TESTSTR1163' or OR_ID = 'TESTSTR1164' or OR_ID = 'TESTSTR1165' or OR_ID = 'TESTSTR1166' or OR_ID"..., mstart=0x2 , offset_top=32767, md=0x0, ims=15, eptrb=0x47a157, flags=0, rdepth=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:1184
#24 0x0047a157 in match (eptr=0x1 , ecode=0x107108e8 "'TESTSTR1160' or OR_ID = 'TESTSTR1161' or OR_ID = 'TESTSTR1162' or OR_ID = 'TESTSTR1163' or OR_ID = 'TESTSTR1164' or OR_ID = 'TESTSTR1165' or OR_ID = 'TESTSTR1166' or OR_ID"..., mstart=0x2 , offset_top=32767, md=0x0, ims=3, eptrb=0x4803f4, flags=0, rdepth=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:714
#25 0x004803f4 in match (eptr=0x2ed1fe5 "", ecode=0x107108e8 "'TESTSTR1160' or OR_ID = 'TESTSTR1161' or OR_ID = 'TESTSTR1162' or OR_ID = 'TESTSTR1163' or OR_ID = 'TESTSTR1164' or OR_ID = 'TESTSTR1165' or OR_ID = 'TESTSTR1166' or OR_ID"..., mstart=0x27c2b71e0 , offset_top=32767, md=0x0, ims=45889320, eptrb=0x481f97, flags=0, rdepth=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:2035
#26 0x00481f97 in php_pcre_exec (argument_re=0x10716821, extra_data=0x2ed2016, subject=0x20 , length=275843303, start_offset=0, options=275843304, offsets=0x488020, offsetcount=275614368)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:4844
#27 0x00488020 in php_pcre_match_impl (pce=0x107108e8, subject=0x5f390048662f , subject_len=0, return_value=0x10718550, subpats=0xc106f7fd0, global=0, use_flags=4753947, flags=0, start_offset=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/php_pcre.c:621
#28 0x00488a1b in php_do_pcre_match (ht=3, return_value=0x106f7fd0, return_value_ptr=0x7fff7c2b31a0, this_ptr=0x7fff7c2b31b0, return_value_used=208324, global=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/php_pcre.c:513
#29 0x006c01ad in zend_do_fcall_
#47907 [NEW]: Segmentation fault during many preg_matches
From: tafkad at web dot de
Operating system: Linux Debian Lenny
PHP version: 5.2.9
PHP Bug Type: PCRE related
Bug description: Segmentation fault during many preg_matches

Description:
I use a class (phpcc) to transform a searchstring into an SQL where clause. If it has many options like brackets or operators or if it is a very long string, php ends in a segmentation fault. I've tested it with two php versions, 5.2.6 and 5.2.9. I use the cli version. I've created a test script with a for loop that generates a simple searchstatement with 2000 searchterms. If I run this script it crashes. When I decrease the amount of searchterms to 1000 it will run clean. GDB shows preg_match as last execute, that's why I think there must be an error. The script uses a very huge amount of memory (I've configured php.ini with 1024M).

php.ini changes from against default(debian)
max_execution_time = 3 ; 30 ; Maximum execution time of each script, in seconds
max_input_time = 6 ; 60 ; Maximum amount of time each script may spend parsing request data
;max_input_nesting_level = 64 ; Maximum input variable nesting level
memory_limit = 1024M ; 32M ; Maximum amount of memory a script may consume (32MB)

Active modules (php -m)
[PHP Modules]
bcmath,bz2,calendar,ctype,curl,date,dba,dbase,dom,exif,ffmpeg,filter,ftp,gd,gettext,hash,iconv,json,libxml,mbstring,mime_magic,mysql,mysqli,ncurses,openssl,pcntl,pcre,PDO,pdo_mysql,posix,readline,Reflection,session,shmop,SimpleXML,soap,sockets,SPL,standard,sysvmsg,sysvsem,sysvshm,tidy,tokenizer,wddx,xml,xmlreader,xmlwriter,zip,zlib

Reproduce code:
---
Code is too long. Under http://paste.root-zone.info/debug.tar.gz is a dir with the class and a testscript.

Expected result:
Before the script can finish, php crashes.

Actual result:
--
#23 0x004783db in match (eptr=0x0, ecode=0x107108e8 "'TESTSTR1160' or OR_ID = 'TESTSTR1161' or OR_ID = 'TESTSTR1162' or OR_ID = 'TESTSTR1163' or OR_ID = 'TESTSTR1164' or OR_ID = 'TESTSTR1165' or OR_ID = 'TESTSTR1166' or OR_ID"..., mstart=0x2 , offset_top=32767, md=0x0, ims=15, eptrb=0x47a157, flags=0, rdepth=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:1184
#24 0x0047a157 in match (eptr=0x1 , ecode=0x107108e8 "'TESTSTR1160' or OR_ID = 'TESTSTR1161' or OR_ID = 'TESTSTR1162' or OR_ID = 'TESTSTR1163' or OR_ID = 'TESTSTR1164' or OR_ID = 'TESTSTR1165' or OR_ID = 'TESTSTR1166' or OR_ID"..., mstart=0x2 , offset_top=32767, md=0x0, ims=3, eptrb=0x4803f4, flags=0, rdepth=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:714
#25 0x004803f4 in match (eptr=0x2ed1fe5 "", ecode=0x107108e8 "'TESTSTR1160' or OR_ID = 'TESTSTR1161' or OR_ID = 'TESTSTR1162' or OR_ID = 'TESTSTR1163' or OR_ID = 'TESTSTR1164' or OR_ID = 'TESTSTR1165' or OR_ID = 'TESTSTR1166' or OR_ID"..., mstart=0x27c2b71e0 , offset_top=32767, md=0x0, ims=45889320, eptrb=0x481f97, flags=0, rdepth=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:2035
#26 0x00481f97 in php_pcre_exec (argument_re=0x10716821, extra_data=0x2ed2016, subject=0x20 , length=275843303, start_offset=0, options=275843304, offsets=0x488020, offsetcount=275614368)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/pcrelib/pcre_exec.c:4844
#27 0x00488020 in php_pcre_match_impl (pce=0x107108e8, subject=0x5f390048662f , subject_len=0, return_value=0x10718550, subpats=0xc106f7fd0, global=0, use_flags=4753947, flags=0, start_offset=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/php_pcre.c:621
#28 0x00488a1b in php_do_pcre_match (ht=3, return_value=0x106f7fd0, return_value_ptr=0x7fff7c2b31a0, this_ptr=0x7fff7c2b31b0, return_value_used=208324, global=0)
    at /usr/src/php5/source/php5-5.2.9/ext/pcre/php_pcre.c:513
#29 0x006c01ad in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff7c2b7b60)
    at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:200
#30 0x006ac6a4 in execute (op_array=0x2be9420)
    at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:92
#31 0x006bfabe in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff7c2b8410)
    at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:234
#32 0x006ac6a4 in execute (op_array=0x2bbd4e8)
    at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:92
#33 0x006bfabe in zend_do_fcall_common_helper_SPEC (execute_data=0x7fff7c2b9110)
    at /usr/src/php5/source/php5-5.2.9/Zend/zend_vm_execute.h:234
#34 0x006ac6a4 in execute (op_array=0x2be08b8)
    at /usr/src/php5/source
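
An added example, not part of the original thread or of phpcc: one way to read the stack limit from PHP (via the posix extension listed among the active modules) and cap PCRE's recursion so an oversized search string fails with an error instead of exhausting the stack. The 500-bytes-per-recursion figure, the 0.5 share, the helper names and the sample pattern are assumptions for illustration.

```php
<?php
// Added example; not code from the bug report or from phpcc.
// Assumption: about 500 bytes of C stack per PCRE match() recursion
// (the rule of thumb in PCRE's pcrestack documentation).
const BYTES_PER_RECURSION = 500;

// Soft RLIMIT_STACK in bytes (what `ulimit -s` reports in KiB), or null.
function soft_stack_limit()
{
    if (!function_exists('posix_getrlimit')) {
        return null;                       // posix extension not loaded
    }
    $limits = posix_getrlimit();
    $soft = is_array($limits) && isset($limits['soft stack'])
        ? $limits['soft stack'] : null;
    return is_int($soft) ? $soft : null;   // "unlimited" is a string
}

// Derive pcre.recursion_limit from the stack limit. $share (assumed 0.5)
// leaves the rest of the stack to the PHP engine itself.
function cap_pcre_recursion($share = 0.5)
{
    $stack = soft_stack_limit();
    if ($stack === null) {
        return null;                       // keep the configured value
    }
    $limit = max(1, (int) ($stack * $share / BYTES_PER_RECURSION));
    ini_set('pcre.recursion_limit', (string) $limit);
    return $limit;
}

// preg_match() that fails closed instead of returning a silent false.
function guarded_preg_match($pattern, $subject, &$matches = null)
{
    $result = preg_match($pattern, $subject, $matches);
    if ($result === false) {
        $why = preg_last_error() === PREG_RECURSION_LIMIT_ERROR
            ? 'recursion limit reached' : 'error ' . preg_last_error();
        throw new RuntimeException("preg_match aborted: $why");
    }
    return $result;
}

// Constructed input shaped like the report's 2000-term search string.
$terms = array();
for ($i = 0; $i < 2000; $i++) { $terms[] = "OR_ID = 'TESTSTR$i'"; }
$pattern = "/^(?:OR_ID = '\\w+'(?: or )?)+\$/";   // constructed pattern
$limit = cap_pcre_recursion();
try {
    $out = 'matched=' . guarded_preg_match($pattern, implode(' or ', $terms));
} catch (RuntimeException $e) { $out = $e->getMessage(); }
echo 'recursion_limit=', var_export($limit, true), " $out\n";
```

The exception is the point at which a caller rejects the search string; raising the stack with ulimit -s, as suggested in the thread, only moves the input size at which the limit is reached.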