From: koni at 2complex dot net
Operating system: Windows XP
PHP version: 4.3.3
PHP Bug Type: Reproducible crash
Bug description: preg_replace Offset error
Description:
------------
I wanted to write a vbb code style for a new forum and I used nl2br to
format the mysql data into html. As there was a special [code] ... [/code]
area in my vbb code which used the html <pre> ... </pre> command the
format the spaces correctly, I saw that nl2br changes \n into <br />\n and
therefor <pre> shows 2 lines instead of 1. As there 1. is no option for
nl2br to either replace with <br /> or < br/>\n, I wrote a small Code to
preg_replace the code between the [code] .. [/code] commands with a
placeholder, then nl2br the whole thing and then replace the placeholder
again with the code. This did work fine ... until I used the following
ascii figure between the [code] commands:
* g o a t s e x * g o a t s e x * g o a t s e x *
g g
o / \ \ / \ o
a| | \ | | a
t| `. | | : t
s` | | \| | s
e \ | / / \ --__ \ : e
x \ \/ _--~~ ~--__| \ | x
* \ \_-~ ~-_\ | *
g \_ \ _.--------.______\| | g
o \ \______// _ ___ _ (_(__> \ | o
a \ . C ___) ______ (_(____> | / a
t /\ | C ____)/ \ (_____> |_/ t
s / /\| C_____) | (___> / \ s
e | ( _C_____)\______/ // _/ / \ e
x | \ |__ \_________// (__/ | x
* | \ \____) `---- --' | *
g | \_ ___\ /_ _/ | g
o | / | | \ | o
a | | / \ \ | a
t | / / | | \ |t
s | / / \__/\___/ | |s
e | / / | | | |e
x | | | | | |x
* g o a t s e x * g o a t s e x * g o a t e x *
This gave me the following:
Warning: Compilation failed: missing ) at offset 1412 in
c:\phpdev\www\tattered\functions.php on line 788
and line 788 is:
$message =
preg_replace("#".escape($match)."#si","##$counter##",$message);
Every preg_replace crashes when it has to replace the above-mentioned
code.
Reproduce code:
---------------
function escape($string) {
$list = array("[" => "\[", "]" => "\]", "/" => "\/");
foreach($list as $search => $replace) {
$string = str_replace($search, $replace, $string);
}
return $string;
}
preg_match_all("#\[code\]([^\[]*)\[\/code\]#si",$message,$matches);
foreach($matches[0] as $counter => $match) {
$message =
preg_replace("#".escape($match)."#si","##$counter##",$message);
}
$message = nl2br($message);
foreach($matches[0] as $counter => $match) {
$message = preg_replace("/##$counter##/si",$match,$message);
}
Expected result:
----------------
g o a t s e x * g o a t s e x * g o a t s e x *
g g
o / \ \ / \ o
a| | \ | | a
t| `. | | : t
s` | | \| | s
e \ | / / \ --__ \ : e
x \ \/ _--~~ ~--__| \ | x
* \ \_-~ ~-_\ | *
g \_ \ _.--------.______\| | g
o \ \______// _ ___ _ (_(__> \ | o
a \ . C ___) ______ (_(____> | / a
t /\ | C ____)/ \ (_____> |_/ t
s / /\| C_____) | (___> / \ s
e | ( _C_____)\______/ // _/ / \ e
x | \ |__ \_________// (__/ | x
* | \ \____) `---- --' | *
g | \_ ___\ /_ _/ | g
o | / | | \ | o
a | | / \ \ | a
t | / / | | \ |t
s | / / \__/\___/ | |s
e | / / | | | |e
x | | | | | |x
* g o a t s e x * g o a t s e x * g o a t e x *
Actual result:
--------------
g o a t s e x * g o a t s e x * g o a t s e x *
g g
o / \ \ / \ o
a| | \ | | a
t| `. | | : t
s` | | \| | s
e \ | / / \ --__ \ : e
x \ \/ _--~~ ~--__| \ | x
* \ \_-~ ~-_\ | *
g \_ \ _.--------.______\| | g
o \ \______// _ ___ _ (_(__> \ | o
a \ . C ___) ______ (_(____> | / a
t /\ | C ____)/ \ (_____> |_/ t
s / /\| C_____) | (___> / \ s
e | ( _C_____)\______/ // _/ / \ e
x | \ |__ \_________// (__/ | x
* | \ \____) `---- --' | *
g | \_ ___\ /_ _/ | g
o | / | | \ | o
a | | / \ \ | a
t | / / | | \ |t
s | / / \__/\___/ | |s
e | / / | | |
|e
x | | | | |
|x
* g o a t s e x * g o a t s e x * g o a t e x *
--
Edit bug report at http://bugs.php.net/?id=25512&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25512&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25512&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=25512&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=25512&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=25512&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=25512&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=25512&r=support
Expected behavior: http://bugs.php.net/fix.php?id=25512&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=25512&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=25512&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=25512&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25512&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=25512&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=25512&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=25512&r=gnused
