Edit report at https://bugs.php.net/bug.php?id=61579&edit=1
ID: 61579
Updated by: ni...@php.net
Reported by: robin at byte dot nl
Summary: Segfault preg_replace "/'(\\\\'|\\\\{2}|[^'])*'/"
with a long string
-Status: Feedback
+Status: Wont fix
Type: Bug
Package: PCRE related
Operating System: Debian 2.6.
PHP Version: 5.3.10
Block user comment: N
Private report: N
New Comment:
Closing as Wfx as this is a PCRE segfault (which is a known issue we can't
really fix).
Previous Comments:
------------------------------------------------------------------------
[2012-10-08 11:24:53] serge dot rivest at gmail dot com
I guess that's a question for the people in charge of Zend DB, where this
pattern
originates.
I'm just a user ;)
------------------------------------------------------------------------
[2012-10-08 10:00:31] ni...@php.net
I don't know what exactly the problem is you're facing, but there is a good
chance that it's just a stack overflow or similar caused by a very inefficient
regex.
You might be able to fix it simply by using "/'(\\\\'|\\\\{2}|[^']+)*'/".
The right approach though would be "/'[^'\\\\]*(?:\\\\.[^'\\\\]*)*'/".
------------------------------------------------------------------------
[2012-10-08 09:46:09] serge dot rivest at gmail dot com
It does appear to be failing on this line:
foreach ($db->fetchAll($sql) as $a)
Very very likely it's just running out of memory. Although every time it
crashes
we also get this in /var/log/syslog:
Oct 8 20:01:39 dev kernel: [726784.383723] php5-fpm[8644]: segfault at
7fff6b8a2f00 ip 00007f6607c80a7a sp 00007fff6b8a2e90 error 6 in
libpcre.so.3.12.1[7f6607c6e000+3c000]
Which is bizarre. Might just be a regexp in the DB driver which is being run
when
the process runs out of memory... Hrm, time to try Serges idea of using xdebug.
And we see:
0.8160 12868128 -> PDO->quote()
/www/studyladder.dev222/zendframework/Zend/Db/Adapter/Pdo/Abstract.php:296
0.8160 12868344 -> substr()
/www/studyladder.dev222/zendframework/Zend/Db/Statement.php:198
0.8160 12868456 -> str_replace()
/www/studyladder.dev222/zendframework/Zend/Db/Statement.php:199
0.8160 12868472 -> preg_replace()
/www/studyladder.dev222/zendframework/Zend/Db/Statement.php:204
So, probably not running out of memory. This is the code it's crashing on:
// get a version of the SQL statement with all quoted
// values and delimited identifiers stripped out
// remove "foo\"bar"
$sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql);
Don't really know what it is doing, but the regexp looks like this:
/'(\\'|\\{2}|[^'])*'/
And the query it is crashing on does have a long literal string in it with
single
quotes. Tried changing the query to use a long literal string with double
quotes
and that fixes it. Phew.
------------------------------------------------------------------------
[2012-03-31 18:24:38] yohg...@php.net
Cannot reproduce. Could you download source and test against it?
It seems your system's pcrelib problem.
------------------------------------------------------------------------
[2012-03-31 11:18:42] robin at byte dot nl
Looked a bit deeper/cleaner:
The preg_replace failes when the string between single quotes is equal or
longer than 3399 bytes including quotes... 3487 already did seem like an odd
number ;)
cleaner would be if you take $string = "'...3397chars...'";
then it fails with segfault,
$string = "'...less than 3397 chars...'"; works fine.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
https://bugs.php.net/bug.php?id=61579
--
Edit this bug report at https://bugs.php.net/bug.php?id=61579&edit=1
