Edit report at https://bugs.php.net/bug.php?id=65009&edit=1
ID:                 65009
Comment by:         r dot hampartsumyan at gmail dot com
Reported by:        r dot hampartsumyan at gmail dot com
Summary:            preg_match segmentation fault with long strings
Status:             Feedback
Type:               Bug
Package:            PCRE related
Operating System:   Linux (Debian 6.0 and Mint 13)
PHP Version:        5.4.16
Block user comment: N
Private report:     N

New Comment:

Setting a big enough value for pcre.backtrack_limit would solve the problem but shouldn't this emit some pcre error instead of segfault?
According to the example in http://php.net/manual/en/function.preg-last-error.php this should be a catchable error.

Previous Comments:
------------------------------------------------------------------------
[2013-06-10 21:11:09] a...@php.net

Already tried to increase the backtrack and recursion limit?

------------------------------------------------------------------------
[2013-06-10 19:19:13] r dot hampartsumyan at gmail dot com

Description:
------------
When trying to match a longer string with the following regex, preg_match causes a segmentation fault -

$pattern = "/^(?:%[[:xdigit:]]{2}|[A-Za-z0-9-_.!~*'()\[\];\/?:@&=+$,])*$/";

(this is the regex used in zf1's Zend_Uri_Http for validating queries).
Tested with 5.3.26, 5.4.16 and 5.5rc3

The fault is reproducible in cli as well as in apache context, though the length of the string needed may vary (for example, I managed to reproduce it in apache context with shorter string by activating a perl module that allocates more memory /the more memory used by the mod - the shorter the string that caused the fault/)

Test script:
---------------
<?php
$query = str_repeat("x", 20000);
$pattern = "/^(?:%[[:xdigit:]]{2}|[A-Za-z0-9-_.!~*'()\[\];\/?:@&=+$,])*$/";
$status = @preg_match($pattern, $query);
echo "success";

Expected result:
----------------
"success"

Actual result:
--------------
(gdb) bt
#0  0x080db48a in match (eptr=0xb774ebee 'x' <repeats 200 times>..., ecode=<error reading variable: Cannot access memory at address 0xbf233f44>, mstart=<error reading variable: Cannot access memory at address 0xbf233f5c>, offset_top=2, md=<error reading variable: Cannot access memory at address 0xbf233f58>, eptrb=<error reading variable: Cannot access memory at address 0xbf233f54>, rdepth=11624)
    at /home/rado/phpsrcs/php-src/ext/pcre/pcrelib/pcre_exec.c:500
#1  0x080dc235 in match (eptr=0xb774ebee 'x' <repeats 200 times>..., ecode=0x972c8dd "}", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11623)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:1069
#2  0x080de3f5 in match (eptr=0xb774ebee 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11622)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#3  0x080de3f5 in match (eptr=0xb774ebed 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11621)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#4  0x080de3f5 in match (eptr=0xb774ebec 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11620)
    at /usr/local/phpsrcs/5.4.16/phpsrcs/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#5  0x080de3f5 in match (eptr=0xb774ebeb 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11619)
    at /usr/local/phpsrcs/5.4.16/phpsrcs/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#6  0x080de3f5 in match (eptr=0xb774ebea 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11618)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#7  0x080de3f5 in match (eptr=0xb774ebe9 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11617)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#8  0x080de3f5 in match (eptr=0xb774ebe8 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11616)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#9  0x080de3f5 in match (eptr=0xb774ebe7 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11615)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#10 0x080de3f5 in match (eptr=0xb774ebe6 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11614)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#11 0x080de3f5 in match (eptr=0xb774ebe5 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11613)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
#12 0x080de3f5 in match (eptr=0xb774ebe4 'x' <repeats 200 times>..., ecode=0x972c92c "s", mstart=0xb774be88 'x' <repeats 200 times>..., offset_top=2, md=0xbfa2f714, eptrb=0x0, rdepth=11612)
    at /usr/local/phpsrcs/5.4.16/php-src/ext/pcre/pcrelib/pcre_exec.c:2039
.................

------------------------------------------------------------------------
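
Added example, not part of the original report or of PHP's or Zend Framework's own code: one way a caller of this regex can fail closed, by bounding the input length, lowering pcre.recursion_limit so PCRE stops before match() exhausts the C stack, and checking preg_last_error() instead of suppressing errors with @. The helper names, the 8192-byte cap and the limit of 1000 are assumptions for illustration; which error code comes back, if any, depends on the PHP and PCRE build.

```php
<?php
// Added illustration, not code from the report. Names and limits are assumptions.

// Illustrative value: it must stay well below the depth at which match()
// exhausts the C stack (the backtrace above faults at rdepth=11624).
ini_set('pcre.recursion_limit', '1000');

function pcre_error_name($code)
{
    $names = array(
        PREG_NO_ERROR              => 'PREG_NO_ERROR',
        PREG_INTERNAL_ERROR        => 'PREG_INTERNAL_ERROR',
        PREG_BACKTRACK_LIMIT_ERROR => 'PREG_BACKTRACK_LIMIT_ERROR',
        PREG_RECURSION_LIMIT_ERROR => 'PREG_RECURSION_LIMIT_ERROR',
        PREG_BAD_UTF8_ERROR        => 'PREG_BAD_UTF8_ERROR',
    );
    return isset($names[$code]) ? $names[$code] : 'PCRE error ' . $code;
}

// Hypothetical helper: returns 'valid', 'invalid' or 'rejected: <reason>'.
function validate_query($query, $maxBytes = 8192)
{
    // Bound the input first so the match depth is bounded too.
    if (strlen($query) > $maxBytes) {
        return 'rejected: longer than ' . $maxBytes . ' bytes';
    }
    $pattern = "/^(?:%[[:xdigit:]]{2}|[A-Za-z0-9-_.!~*'()\[\];\/?:@&=+$,])*$/";
    $status = preg_match($pattern, $query);   // no @, so warnings stay visible
    if ($status === false) {
        // Fail closed: a PCRE error is never treated as "no match".
        return 'rejected: ' . pcre_error_name(preg_last_error());
    }
    return $status === 1 ? 'valid' : 'invalid';
}

// Constructed inputs.
echo validate_query('a=1&b=%2F'), "\n";
echo validate_query('a=<b>'), "\n";
echo validate_query(str_repeat('x', 20000)), "\n";          // stopped by length
echo validate_query(str_repeat('x', 20000), 32768), "\n";   // reaches PCRE
```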