From: dave at westphila dot net Operating system: Linux, Fedora Core 8 PHP version: 5.2.6 PHP Bug Type: Reproducible crash Bug description: Segmentation Fault in preg_match
Description: ------------ I can reproduce a segfault in a preg_match call with a particular regular expression and target text (which is a large html file). The offending regEx and a very similar one which does not segfault are included in the script I've attached. Reproduce code: --------------- <?php $text = file_get_contents($argv[1]); //$text = "A test string....sdflsmdfs;ldfkgns;dklfjgnsdlkfjgns;df'adslfm,qr;ijgaldsfknvsdl,fbnwle;frnsdlkfjnsldkfjnvsdlkfjnbsldkfjnsldkfjgnsldkfjgnslkdfjgnsdffls dflkgdf;lkgwndf;lkgnsdfkjngsfmn,sdfgsbndflkgjsbdflgkjsdbfglkjsdnfglksjdfnglksdjfnglsdkfjg"; $exp1 = "/(<[^>^<]{1,20}>){0,1}(\s|<[^<^>]+>| )+L(<[^>^<]{1,20}>){0,1}imitation(\s|<[^<^>]+>| )+/"; $exp2 = "/(<[^>^<]{1,20}>){0,1}(\s|<[^<^>]+>| )+L(<[^>^<]{1,20}>){0,1}imitation(\s|<[^<^>]+>| )+o/"; preg_match($exp1, $text); echo "Passed Expression 1\n"; preg_match($exp2, $text); echo "Passed Expression 2\n"; ?> Expected result: ---------------- The file may or may not match the regEx, out of memory maybe, but certainly it shouldn't segfault. Actual result: -------------- The reg ex string in $exp1 runs ok. The expression in $exp2 is only one character longer and produces a segfault when run on the file publicly available here: http://dev.xtractresearch.com/SD11212006CA.htm A segfault does not happen when instead of this file a shorter string of text is used (commented out in the script code). Length of the file should not be an issue since the first regEx completes ok. -- Edit bug report at http://bugs.php.net/?id=45224&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=45224&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=45224&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=45224&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=45224&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=45224&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=45224&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=45224&r=needscript Try newer version: http://bugs.php.net/fix.php?id=45224&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=45224&r=support Expected behavior: http://bugs.php.net/fix.php?id=45224&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=45224&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=45224&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=45224&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=45224&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=45224&r=dst IIS Stability: http://bugs.php.net/fix.php?id=45224&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=45224&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=45224&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=45224&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=45224&r=mysqlcfg