From: dave at westphila dot net
Operating system: Linux, Fedora Core 8
PHP version: 5.2.6
PHP Bug Type: Reproducible crash
Bug description: Segmentation Fault in preg_match
Description:
------------
I can reproduce a segfault in a preg_match call with a particular regular
expression and target text (which is a large html file). The offending
regEx and a very similar one which does not segfault are included in the
script I've attached.
Reproduce code:
---------------
<?php
$text = file_get_contents($argv[1]);
//$text = "A test
string....sdflsmdfs;ldfkgns;dklfjgnsdlkfjgns;df'adslfm,qr;ijgaldsfknvsdl,fbnwle;frnsdlkfjnsldkfjnvsdlkfjnbsldkfjnsldkfjgnsldkfjgnslkdfjgnsdffls
dflkgdf;lkgwndf;lkgnsdfkjngsfmn,sdfgsbndflkgjsbdflgkjsdbfglkjsdnfglksjdfnglksdjfnglsdkfjg";
$exp1 =
"/(<[^>^<]{1,20}>){0,1}(\s|<[^<^>]+>| )+L(<[^>^<]{1,20}>){0,1}imitation(\s|<[^<^>]+>| )+/";
$exp2 =
"/(<[^>^<]{1,20}>){0,1}(\s|<[^<^>]+>| )+L(<[^>^<]{1,20}>){0,1}imitation(\s|<[^<^>]+>| )+o/";
preg_match($exp1, $text);
echo "Passed Expression 1\n";
preg_match($exp2, $text);
echo "Passed Expression 2\n";
?>
Expected result:
----------------
The file may or may not match the regEx, out of memory maybe, but
certainly it shouldn't segfault.
Actual result:
--------------
The reg ex string in $exp1 runs ok. The expression in $exp2 is only one
character longer and produces a segfault when run on the file publicly
available here:
http://dev.xtractresearch.com/SD11212006CA.htm
A segfault does not happen when instead of this file a shorter string of
text is used (commented out in the script code). Length of the file should
not be an issue since the first regEx completes ok.
--
Edit bug report at http://bugs.php.net/?id=45224&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=45224&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=45224&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=45224&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=45224&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=45224&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=45224&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=45224&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=45224&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=45224&r=support
Expected behavior: http://bugs.php.net/fix.php?id=45224&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=45224&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=45224&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=45224&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=45224&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=45224&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=45224&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=45224&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=45224&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=45224&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=45224&r=mysqlcfg
