#23633 [Com]: Seg. Fault on ugly preg matching

komanek at natur dot cuni dot cz Thu, 16 Oct 2003 08:48:45 -0700

 ID:               23633
 Comment by:       komanek at natur dot cuni dot cz
 Reported By:      sprice at wisc dot edu
 Status:           Bogus
 Bug Type:         PCRE related
 Operating System: Mac OS 10.2.6
 PHP Version:      4CVS-2003-05-14 (stable)
 New Comment:


The same problem on Irix 6.5.20 with PHP 4.3.3 and apache 2.0.47 -
Horde/Imp uses a statement 

preg_match_all('|(\w+)://([^\s"<]*[\w+#?/&=])|', $text, $matches,
PREG_SET_ORDER);

to find all hrefs in the mail message body for latrer highlighting
them. Crashes every time the apache child process.

Why is pcre so unstable ? Should not it be recoverable on the php
engine level ?


Previous Comments:
------------------------------------------------------------------------

[2003-05-15 09:21:26] [EMAIL PROTECTED]

See bug #13618 and bug #20698 


------------------------------------------------------------------------

[2003-05-15 09:18:04] [EMAIL PROTECTED]

#0  0x81b9a41 in match (
    eptr=0x8778a89 "om fusion of blade margins in \r\n", ' ' <repeats
18 times>, "selected tubular leaves </font></td>\r\n", ' ' <repeats 14
times>, "</tr>\r\n", ' ' <repeats 14 times>, "<tr> \r\n", ' ' <repeats
16 times>, "<td width=\"140\"><b><font face=\"Arial, Helvetica,
sans-"..., ecode=0x8776b8f "K", offset_top=4, md=0xbfffd2bc, ims=0, 
    eptrb=0xbfe0225c, flags=2) at
/usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4104
#1  0x81baa14 in match (
    eptr=0x8778a89 "om fusion of blade margins in \r\n", ' ' <repeats
18 times>, "selected tubular leaves </font></td>\r\n", ' ' <repeats 14
times>, "</tr>\r\n", ' ' <repeats 14 times>, "<tr> \r\n", ' ' <repeats
16 times>, "<td width=\"140\"><b><font face=\"Arial, Helvetica,
sans-"..., ecode=0x8776b97 "=", offset_top=4, md=0xbfffd2bc, ims=0, 
    eptrb=0xbfe0225c, flags=2) at
/usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4730
#2  0x81b9b75 in match (
    eptr=0x8778a88 "rom fusion of blade margins in \r\n", ' ' <repeats
18 times>, "selected tubular leaves </font></td>\r\n", ' ' <repeats 14
times>, "</tr>\r\n", ' ' <repeats 14 times>, "<tr> \r\n", ' ' <repeats
16 times>, "<td width=\"140\"><b><font face=\"Arial, Helvetica,
sans"..., ecode=0x8776b8f "K", offset_top=4, md=0xbfffd2bc, ims=0, 
    eptrb=0xbfe0225c, flags=2) at
/usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4206
#3  0x81baa14 in match (
    eptr=0x8778a88 "rom fusion of blade margins in \r\n", ' ' <repeats
18 times>, "selected tubular leaves </font></td>\r\n", ' ' <repeats 14
times>, "</tr>\r\n", ' ' <repeats 14 times>, "<tr> \r\n", ' ' <repeats
16 times>, "<td width=\"140\"><b><font face=\"Arial, Helvetica,
sans"..., ecode=0x8776b97 "=", offset_top=4, md=0xbfffd2bc, ims=0, 
    eptrb=0xbfe024bc, flags=2) at
/usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4730
#4  0x81b9b75 in match (
    eptr=0x8778a87 "from fusion of blade margins in \r\n", ' ' <repeats
18 times>, "selected tubular leaves </font></td>\r\n", ' ' <repeats 14
times>, "</tr>\r\n", ' ' <repeats 14 times>, "<tr> \r\n", ' ' <repeats
16 times>, "<td width=\"140\"><b><font face=\"Arial, Helvetica,
san"..., ecode=0x8776b8f "K", offset_top=4, md=0xbfffd2bc, ims=0, 
    eptrb=0xbfe024bc, flags=2) at
/usr/src/web/php/php4/ext/pcre/pcrelib/pcre.c:4206

...and repeats couple of dozen times (#1 and #2, #3 and #4...)




------------------------------------------------------------------------

[2003-05-14 23:22:09] sprice at wisc dot edu

This code:
<?php
$glossary = file_get_contents( '/Users/sprice/Desktop/
glossary.htm' );
$matches = array();

preg_match_all( '/<td width="140"><b><font face="Arial, 
Helvetica, sans-serif" size="2">(\S|\s)+<\/font><\/
b><\/td>\s+<td width="525">/', $glossary, $matches );
?>
(glossary.htm can be found here:
http://botit.botany.wisc.edu/courses/structure_cd/
glossary.htm )

causes a segmentation fault (at least when run from the 
CLI). I suspect it is because it matches approx. 25764 
(227^2/2) things in the given html document. This also 
occurs when you replace preg_match_all() with 
preg_match().

This is output from GDB (Someone might want to 
duplicate results because I don't know what I am doing 
w/ GDB):
Program received signal EXC_BAD_ACCESS, Could not 
access memory.
match (eptr=0x49907f "ze=\"2\">multiple \r\n", ' ' 
<repeats 18 times>, "nuclei bounded by a single cell 
wall</font></td>\r\n", ' ' <repeats 14 times>, "</
tr>\r\n", ' ' <repeats 14 times>, "<tr> \r\n", ' ' 
<repeats 16 times>, "<td width=\"140\"><b><font 
face=\"Arial, Helvetica, sans-se"..., ecode=0x46f62f 
"=", offset_top=4, md=0xbfffd790, ims=0, 
eptrb=0xbff80290, flags=2) at /usr/local/php/php4-
STABLE-200305150330/ext/pcre/pcrelib/pcre.c:4136
4136    {


I can see why PHP would crash, but any crash is a bad 
crash, no?

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=23633&edit=1

#23633 [Com]: Seg. Fault on ugly preg matching

Reply via email to