#28461 [Fbk-Opn]: segmentation fault when using backreferences on a long string
ID: 28461
User updated by: xanthor at xanthor dot tk
Reported By: xanthor at xanthor dot tk
-Status: Feedback
+Status: Open
Bug Type: PCRE related
Operating System: *
PHP Version: 4.4.1
Assigned To: andrei
New Comment:

Here is the backtrace : http://rafb.net/paste/results/221Dcs52.html
I don't know if this will be useful :¬/

Previous Comments:

[2005-11-16 10:21:24] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug report and change the status back to Open. Thank you for helping us make PHP better.

[2005-11-16 04:48:51] xanthor at xanthor dot tk

Still crashes with 4.4.1, increasing the length of the string.

[2005-06-30 01:00:04] php-bugs at lists dot php dot net

No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to Open.

[2005-06-22 21:51:39] [EMAIL PROTECTED]

Please try using this CVS snapshot: http://snaps.php.net/php5-latest.tar.gz
For Windows: http://snaps.php.net/win32/php5-win32-latest.zip

Can't reproduce with latest PHP4 and PHP5 snapshots (PCRE was upgraded to 5.0, this might have fixed it).

[2004-12-09 14:57:59] [EMAIL PROTECTED]

This is the standard PCRE uses on-stack recursion bug which has been filed and closed umpteen times. To reproduce just increase the length of the string until it exhausts your stack space.

One way PHP could mitigate the issue is to set the match_limit field in the pcre_extra structure which puts a limit on the depth of the stack recursion.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/28461

--
Edit this bug report at http://bugs.php.net/?id=28461&edit=1
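The mitigation suggested in the 2004-12-09 comment, seen from PHP userland, as an added example that is not part of the bug report or of PHP itself: bound PCRE's work per call and treat a limit hit as an error rather than a non-match. It assumes PHP 7.1 or later, where the `pcre.backtrack_limit` and `pcre.recursion_limit` settings and `preg_last_error()` are available; `guarded_preg_match()` and the limit values are hypothetical choices for illustration.

```php
<?php
// Added example: guarded_preg_match() is a hypothetical helper, not a PHP built-in.
function guarded_preg_match(string $pattern, string $subject, ?array &$m = null,
                            int $backtrackLimit = 100000, int $recursionLimit = 1000): int
{
    // Remember the process-wide limits so the tighter ones apply to this call only.
    $saved = [
        'pcre.backtrack_limit' => ini_get('pcre.backtrack_limit'),
        'pcre.recursion_limit' => ini_get('pcre.recursion_limit'),
    ];
    ini_set('pcre.backtrack_limit', (string) $backtrackLimit);
    ini_set('pcre.recursion_limit', (string) $recursionLimit);
    try {
        $result = preg_match($pattern, $subject, $m);
        $error  = preg_last_error();
    } finally {
        foreach ($saved as $key => $value) {
            ini_set($key, $value);
        }
    }
    // A limit hit makes preg_match() return false; report it instead of reading it as "no match".
    if ($result === false || $error !== PREG_NO_ERROR) {
        $names = [
            PREG_INTERNAL_ERROR        => 'internal PCRE error',
            PREG_BACKTRACK_LIMIT_ERROR => 'backtrack limit exceeded',
            PREG_RECURSION_LIMIT_ERROR => 'recursion limit exceeded',
            PREG_JIT_STACKLIMIT_ERROR  => 'JIT stack limit exceeded',
        ];
        throw new RuntimeException($names[$error] ?? "PCRE error code $error");
    }
    return $result;
}

// Patterns and subject lengths quoted in the comments of this report.
$cases = [
    ['/^((?!a).)*/', str_repeat('b', 21236)],
    ['/^( )*$/',     str_repeat(' ', 19250)],
    ['/(((?!aaa).)*)(?!aaa)aaa/', str_repeat(' ', 10882) . 'aaa'],
];
foreach ($cases as [$pattern, $subject]) {
    try {
        $r = guarded_preg_match($pattern, $subject, $m);
        printf("%-28s matched=%d\n", $pattern, $r);
    } catch (RuntimeException $e) {
        printf("%-28s rejected: %s\n", $pattern, $e->getMessage());
    }
}
```

Which branch each case takes depends on the PHP and PCRE build and on whether `pcre.jit` is enabled.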
#28461 [Fbk-Opn]: segmentation fault when using backreferences on a long string
ID: 28461
User updated by: xanthor at xanthor dot tk
Reported By: xanthor at xanthor dot tk
-Status: Feedback
+Status: Open
Bug Type: PCRE related
Operating System: Linux, WindowsXP©
-PHP Version: 4.3.9, 5.0.2
+PHP Version: 4.3.9, 4.3.10RC2, 5.0.2
New Comment:

Still segfaults with PHP 4.3.10RC2 and PCRE Library Version 4.5 01-December-2003

Previous Comments:

[2004-12-06 16:17:35] [EMAIL PROTECTED]

Can't reproduce with any of dev versions (tried latest 4.3.10-dev, 5.1.0-dev 5.0.3-dev under Linux). Please, try latest snapshots and tell me what version of pcre you're using (mine is 3.9) if you're still able to reproduce it.

[2004-09-28 10:41:22] xanthor at xanthor dot tk

The regexes still crash PHP 4.3.9 and PHP 5.0.2

[2004-09-16 15:50:47] [EMAIL PROTECTED]

Your last regex crashes PHP 5 also. The segfault isn't in PHP but in pcre (this is quite normal due to the NFA nature of pcre).

[2004-09-10 17:01:41] hewei at ied dot org dot cn

preg_match('/(((?!aaa).)*)(?!aaa)aaa/',str_repeat(' ',10882).'aaa',$z);

crashes PHP4.3.9RC2

But not on php-4.3.2-11.1.ent (WBEL 3.0), the length to trigger segmentation fault is about 19230.

The funniest thing is that the closer to the limit, the more likely you will get a random segmentation fault.

Not only the above pattern will cause the error,

preg_match('/^( )*$/',str_repeat(' ',19250));

will too.

[2004-09-10 12:49:48] [EMAIL PROTECTED]

Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz
For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip

I couldn't reproduce any of the crashes.

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/28461

--
Edit this bug report at http://bugs.php.net/?id=28461&edit=1
#28461 [Fbk-Opn]: segmentation fault when using backreferences on a long string
ID: 28461
Updated by: [EMAIL PROTECTED]
Reported By: xanthor at xanthor dot tk
-Status: Feedback
+Status: Open
Bug Type: PCRE related
Operating System: Linux, WindowsXP©
PHP Version: 4.3.8; 4.3.9RC1, 5.0.1
New Comment:

Your last regex crashes PHP 5 also. The segfault isn't in PHP but in pcre (this is quite normal due to the NFA nature of pcre).

Previous Comments:

[2004-09-10 17:01:41] hewei at ied dot org dot cn

preg_match('/(((?!aaa).)*)(?!aaa)aaa/',str_repeat(' ',10882).'aaa',$z);

crashes PHP4.3.9RC2

But not on php-4.3.2-11.1.ent (WBEL 3.0), the length to trigger segmentation fault is about 19230.

The funniest thing is that the closer to the limit, the more likely you will get a random segmentation fault.

Not only the above pattern will cause the error,

preg_match('/^( )*$/',str_repeat(' ',19250));

will too.

[2004-09-10 12:49:48] [EMAIL PROTECTED]

Please try using this CVS snapshot: http://snaps.php.net/php5-STABLE-latest.tar.gz
For Windows: http://snaps.php.net/win32/php5.0-win32-latest.zip

I couldn't reproduce any of the crashes.

[2004-08-23 11:24:50] xanthor at xanthor dot tk

Updating version : I've found another expression which also segfaults PHP 5 :

preg_match('/^((?!a).)*/',str_repeat('b',21236),$z);

[2004-07-19 11:11:33] xanthor at xanthor dot tk

The bug is still here with PHP 4.3.8

[2004-05-21 11:17:44] xanthor at xanthor dot tk

No it isn't fixed : with 2236+3 chars it works, but when we increase this number we manage to have another segmentation fault. (The new limit seems to be 2247+3)

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/28461

--
Edit this bug report at http://bugs.php.net/?id=28461&edit=1
#28461 [Fbk-Opn]: segmentation fault when using backreferences on a long string
ID: 28461
User updated by: xanthor at xanthor dot tk
Reported By: xanthor at xanthor dot tk
-Status: Feedback
+Status: Open
Bug Type: PCRE related
Operating System: Linux, WindowsXP©
PHP Version: 4.3.6
New Comment:

No it isn't fixed : with 2236+3 chars it works, but when we increase this number we manage to have another segmentation fault. (The new limit seems to be 2247+3)

Previous Comments:

[2004-05-21 01:13:19] [EMAIL PROTECTED]

Please try using this CVS snapshot: http://snaps.php.net/php4-STABLE-latest.tar.gz
For Windows: http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2004-05-20 22:15:47] xanthor at xanthor dot tk

Description:
This line crashes PHP with a segmentation fault. It uses a 3-chars-long back reference, on a 2236+3 chars-long string.
If the back reference is only 2 chars long, it's ok.
If the long string is less than 2236+3 chars, it's ok too...

Reproduce code:
---
preg_match('/(((?!aaa).)*)(?!aaa)aaa/',str_repeat(' ',2236).'aaa',$z);

Expected result:
No crash, and true returned by the preg_match

Actual result:
--
segmentation fault

--
Edit this bug report at http://bugs.php.net/?id=28461&edit=1