ID: 48153
User updated by: raul dot gigea at directmedia dot de
Reported By: raul dot gigea at directmedia dot de
Status: Bogus
Bug Type: PCRE related
Operating System: FreeBSD 7.1-RELEASE-p4
PHP Version: 5.2CVS-2009-05-06 (snap)
New Comment:
Ok, tried it on osx. It doesn't crash with 1900 'a''s, but it crashes
with 2900.
Try this code on OSX with 5.2CVS, it crashes on my macbook. With latest
libmhash from macports as of today ( 0.9.9.9_0 ) :
$contents = 'sud' . str_repeat('a', 2900) . 'bccess';
$contents = preg_replace('/d(a)+b/', '', $contents);
echo $contents;
Previous Comments:
------------------------------------------------------------------------
[2009-05-06 22:54:53] raul dot gigea at directmedia dot de
Just tried it: with the 5.3 snapshot it works.
Compiling 5.2 on OSX right now
------------------------------------------------------------------------
[2009-05-06 22:30:22] [email protected]
The mhash library is gone in 5.3 and replaced with a wrapper around the
hash library.
Can you try a 5.3 snapshot and see if you get the issue?
I should say I can't reproduce this on 5.2 on OSX with the same
configure like Jani used.
------------------------------------------------------------------------
[2009-05-06 22:18:19] raul dot gigea at directmedia dot de
By the way, the mhash lib version is 0.9.9.
------------------------------------------------------------------------
[2009-05-06 22:09:55] raul dot gigea at directmedia dot de
I already described this in my original bug report, but I'll try to be
more explicit:
As I described before, if I tune pcre.recursion_limit and
pcre.backtrack_limit, than I get no segfault, but neither do I get the
correct output. As an example, this code:
$contents = 'sud' . str_repeat('a', 1900) . 'bccess';
$contents = preg_replace('/d(a)+b/', '', $contents);
echo $contents
Segfaults if recursion_limit/backtrack_limit is too high. Prints
"success" if everything went well, and prints nothing if
recursion_limit is too low.
I can only get it to print nothing tuning those two parameters. ( over
backtrack_limit 2458 it crashes, below 2457 it doesn't print anything
). So it's a workaround the segfault, but you get another problem -
you don't get the wanted result.
I suspect the problem could be in the mhash library, and the way php
uses it, because it prints 'success' if I disable the mhash extension.
------------------------------------------------------------------------
[2009-05-06 21:20:01] [email protected]
You either have to increase the stack size or tune pcre.recursion_limit
and pcre.backtrack_limit properly.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/48153
--
Edit this bug report at http://bugs.php.net/?id=48153&edit=1
