ID: 49729 Updated by: j...@php.net Reported By: kendallb at amainhobbies dot com -Status: Verified +Status: Bogus Bug Type: Reproducible crash Operating System: Mac OS 10.6.1 PHP Version: 5.3.0 New Comment:
See bug #47689 Previous Comments: ------------------------------------------------------------------------ [2009-10-01 11:13:14] sjo...@php.net Could reproduce with PHP 5.3 rev 288893, MacOS X 10.5.8. (gdb) r Starting program: /Users/sjoerd/Sources/php-src-5.3/sapi/cli/php -e -f /Volumes/sjoerd-nfs/public_html/svnreps/test/a.php Reading symbols for shared libraries ++++++++++....... done Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0xbf7ffa7c 0x00058fed in match (eptr=0x976eca " OF BULLSHIT!!!\n THIS"..., ecode=0xaf07ae "_", mstart=0x976404 "'\n THIS"..., offset_top=4, md=0xbfffeacc, ims=0, eptrb=0x0, flags=0, rdepth=5515) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/pcrelib/pcre_exec.c:432 432 { (gdb) bt .... .... .... #5513 0x0005ad96 in match (eptr=0x976406 " THIS"..., ecode=0xaf07c3 "V", mstart=0x976404 "'\n THIS"..., offset_top=4, md=0xbfffeacc, ims=0, eptrb=0x0, flags=0, rdepth=2) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/pcrelib/pcre_exec.c:1361 #5514 0x00059664 in match (eptr=0x976405 "\n THIS"..., ecode=0xaf07be "T", mstart=0x976404 "'\n THIS"..., offset_top=2, md=0xbfffeacc, ims=0, eptrb=0x0, flags=0, rdepth=1) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/pcrelib/pcre_exec.c:720 #5515 0x0005a87d in match (eptr=0x976405 "\n THIS"..., ecode=0xaf07ad "g_", mstart=0x976404 "'\n THIS"..., offset_top=2, md=0xbfffeacc, ims=0, eptrb=0x0, flags=0, rdepth=0) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/pcrelib/pcre_exec.c:1224 #5516 0x00066e97 in php_pcre_exec (argument_re=0xaf0780, extra_data=0xbfffec3c, subject=0x976404 "'\n THIS"..., length=6075, start_offset=0, options=0, offsets=0x972530, offsetcount=6) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/pcrelib/pcre_exec.c:4895 #5517 0x0006d5d6 in php_pcre_replace_impl (pce=0xaf07d0, subject=0x976404 "'\n THIS"..., subject_len=6075, replace_val=0x972344, is_callable_replace=0, result_len=0xbfffee5c, limit=-1, replace_count=0xbfffee48) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/php_pcre.c:1040 #5518 0x0006d346 in php_pcre_replace (regex=0x972438 "/'(\\\\'|\\\\{2}|[^'])*'/", regex_len=21, subject=0x976404 "'\n THIS"..., subject_len=6075, replace_val=0x972344, is_callable_replace=0, result_len=0xbfffee5c, limit=-1, replace_count=0xbfffee48) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/php_pcre.c:950 #5519 0x0006e347 in php_replace_in_subject (regex=0x9723f8, replace=0x972344, subject=0xc0012c, result_len=0xbfffee5c, limit=-1, is_callable_replace=0, replace_count=0xbfffee48) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/php_pcre.c:1267 #5520 0x0006eeff in preg_replace_impl (ht=3, return_value=0x9723b8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1, is_callable_replace=0, is_filter=0) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/php_pcre.c:1367 #5521 0x0006f00a in zif_preg_replace (ht=3, return_value=0x9723b8, return_value_ptr=0x0, this_ptr=0x0, return_value_used=1) at /Users/sjoerd/Sources/php-src-5.3/ext/pcre/php_pcre.c:1387 #5522 0x0045efd9 in zend_do_fcall_common_helper_SPEC (execute_data=0xc00040) at zend_vm_execute.h:313 #5523 0x004645d9 in ZEND_DO_FCALL_SPEC_CONST_HANDLER (execute_data=0xc00040) at zend_vm_execute.h:1602 #5524 0x0045e112 in execute (op_array=0x9719f0) at zend_vm_execute.h:104 #5525 0x0042ee7e in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /Users/sjoerd/Sources/php-src-5.3/Zend/zend.c:1188 #5526 0x003b3321 in php_execute_script (primary_file=0xbffff7fc) at /Users/sjoerd/Sources/php-src-5.3/main/main.c:2214 #5527 0x00507e5f in main (argc=4, argv=0xbffff8f0) at /Users/sjoerd/Sources/php-src-5.3/sapi/cli/php_cli.c:1190 (gdb) ------------------------------------------------------------------------ [2009-10-01 10:37:43] f...@php.net Not reproducible on Linux x86, so maybe Mac only. ------------------------------------------------------------------------ [2009-10-01 02:00:38] kendallb at amainhobbies dot com Description: ------------ The following code causes a crash in PHP 5.3.0 (or 5.2.10) as supplied by Zend Studio 7. It also causes a crash in PHP 5.3.0 as compiled by MacPorts, so it appears to be a generic bug. Reproduce code: --------------- <?php /** * Cause a segfault in PHP 5.3.0 */ $html = " THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! THIS IS A BUNCH OF BULLSHIT!!! "; $sql = "'" . $html . "'"; $preg = "/'(\\\\'|\\\\{2}|[^'])*'/"; $sql = preg_replace($preg, 'replace', $sql); echo $sql; Expected result: ---------------- replace Actual result: -------------- Segmentation fault. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49729&edit=1