From:             [EMAIL PROTECTED]
Operating system: Debian (Sid) Linux
PHP version:      4.0CVS-2002-03-02
PHP Bug Type:     Reproducible crash
Bug description:  using nonexisting back reference in regex crashes PHP

The test script ext/standard/tests/reg/012.phpt ("nonexisting back
reference") causes PHP to segfault:

<?php $a="abc123";
  echo ereg_replace("123",'def\1ghi',$a)?>

#0  0x4017e197 in memcpy () from /lib/libc.so.6
#1  0x08133fd5 in php_reg_replace (pattern=0x82daf4c "123", 
    replace=0x82daf64 "def\\1ghi", string=0x82daf84 "abc123", icase=0, 
    extended=1) at reg.c:377
#2  0x081343ca in php_ereg_replace (ht=3, return_value=0x82daf2c, 
    this_ptr=0x0, return_value_used=1, icase=0) at reg.c:475
#3  0x081344b5 in zif_ereg_replace (ht=3, return_value=0x82daf2c, 
    this_ptr=0x0, return_value_used=1) at reg.c:493
#4  0x08175b9e in execute (op_array=0x82dafcc) at ./zend_execute.c:1598
#5  0x080895ee in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at zend.c:810
#6  0x080946e6 in php_execute_script (primary_file=0xbffffa48)
    at main.c:1337
#7  0x08076493 in main (argc=2, argv=0xbffffac4) at php_cli.c:555
#8  0x4012265f in __libc_start_main () from /lib/libc.so.6

Configure line:
'./configure'  '--with-apxs=/usr/local/apache/bin/apxs'  '--with-mysql' 
'--enable-ftp'  '--enable-sockets'  '--enable-calendar'  '--enable-bcmath'
 '--with-pcntl'  '--enable-ctype'  '--with-mhash'  '--with-openssl' 
'--enable-dbase'  '--with-curl'  '--enable-dbx'  '--enable-dio' 
'--enable-exif'  '--with-pgsql'  '--with-pspell'  '--enable-filepro' 
'--enable-gd'  '--enable-gd-native-ttf'  '--with-jpeg-dir=/usr' 
'--with-png-dir=/usr'  '--with-gettext'  '--with-gmp' 
'--enable-mailparse'  '--enable-mbstring'  '--enable-mbstr-enc-trans' 
'--enable-mgrexeg'  '--with-zlib'  '--with-bzip2'  '--with-imap' 
'--enable-inline-optimization'  '--with-readline' 
-- 
Edit bug report at http://bugs.php.net/?id=15829&edit=1
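The backtrace above ends in memcpy() called from php_reg_replace while the replacement 'def\1ghi' is expanded against a pattern that has no groups. The following is an added example, not PHP's reg.c and not part of the original report: a bounds-checked expansion of \0..\9 over POSIX regexec() results. The names put and replace_first, the first-match-only scope, and the policy of copying an unresolvable reference literally are assumptions of this sketch.

```c
#include <regex.h>
#include <string.h>

#define NS 10  /* slot 0 = whole match, slots 1..9 = \1..\9 */

/* Append n bytes to out without overrunning it. Returns 0 on success. */
static int put(char *out, size_t cap, size_t *len, const char *src, size_t n) {
    if (n >= cap - *len) return -1;          /* keep room for the NUL */
    memcpy(out + *len, src, n);
    *len += n;
    out[*len] = '\0';
    return 0;
}

/* Replace the first match of pattern in subject, expanding \0..\9 in repl.
 * Returns 0 on success, -1 on compile error or output overflow. */
int replace_first(const char *pattern, const char *repl, const char *subject,
                  char *out, size_t cap) {
    regex_t re;
    regmatch_t pm[NS];
    size_t len = 0;
    int rc = -1;

    if (cap == 0 || regcomp(&re, pattern, REG_EXTENDED) != 0) return -1;
    out[0] = '\0';
    if (regexec(&re, subject, NS, pm, 0) != 0) {   /* no match: copy as is */
        rc = put(out, cap, &len, subject, strlen(subject));
        goto done;
    }
    if (put(out, cap, &len, subject, (size_t)pm[0].rm_so)) goto done;
    for (const char *p = repl; *p; p++) {
        if (p[0] == '\\' && p[1] >= '0' && p[1] <= '9') {
            size_t n = (size_t)(p[1] - '0');
            /* The group must exist in the pattern AND have taken part in the
             * match; otherwise rm_so is -1 and a copy length is meaningless. */
            if (n <= re.re_nsub && pm[n].rm_so != -1) {
                if (put(out, cap, &len, subject + pm[n].rm_so,
                        (size_t)(pm[n].rm_eo - pm[n].rm_so))) goto done;
                p++;                         /* skip the digit */
                continue;
            }
        }
        if (put(out, cap, &len, p, 1)) goto done;  /* literal byte */
    }
    rc = put(out, cap, &len, subject + pm[0].rm_eo, strlen(subject + pm[0].rm_eo));
done:
    regfree(&re);
    return rc;
}
```

With the report's inputs (pattern "123", replacement 'def\1ghi', subject "abc123") this returns 0 and leaves the reference in the output as literal text instead of copying from an unset match slot.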