 ID:               26020
 Updated by:       [EMAIL PROTECTED]
 Reported By:      coldrain at workingonit dot org
-Status:           Open
+Status:           Bogus
 Bug Type:         PCRE related
 Operating System: Linux
 PHP Version:      4.3.3
 New Comment:

Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. Because of this, we hope you add your comments
to the existing bug instead.

Thank you for your interest in PHP.

See bug #25754

(I get the same GDB backtraces with your example script and the one in
that report)


Previous Comments:
------------------------------------------------------------------------

[2003-10-28 16:54:12] coldrain at workingonit dot org

Earlier this evening, I installed a fresh 4.3.3 from source on a Debian
3.1 box with:

leo:/work/php-4.3.3# ./configure --with-mysql
leo:/work/php-4.3.3# make
leo:/work/php-4.3.3# make install

Pretty default, nothing fancy. It didn't change anything with regards to
the segfault problem with preg_replace.

In http://www.workingonit.org/bug26020/bug26020.tgz you find 4 files, 2
html files to be used as source files, and the 2 accompanying php files.
You will have to adapt the php scripts to your own needs (aka set the
$folder).

As mentioned before, the results apparently are dependent on what
platform the scripts are executed, so you might have to twiddle with the
html source files (add or delete characters from the body) in order to
reproduce the problem.

I have to admit I'm not very knowledgeable on the PCRE library itself.
OTOH, it's odd that two different distros with the same installed cli
version of php (4.2.2) give different results in how big the
to-be-converted file can be. Even if one of these boxes is 'upgraded' to
the newest version of php, the problem remains. Not really upgraded,
since I removed the previous 4.2.2 install.

If you need more info, config, or whatever, I'm happy to provide it.

------------------------------------------------------------------------

[2003-10-28 16:03:09] [EMAIL PROTECTED]

Please provide the configure line you used to configure PHP and also a
complete example.

I actually think this is not really any bug as is, but simply a
limitation in PCRE library. The maximum length of matched pattern.
(iirc..:)

------------------------------------------------------------------------

[2003-10-28 12:08:57] coldrain at workingonit dot org

Description:
------------
Variable $fileContent is a rather small html file. A function (see
below) converts some comment tags and writes the output to a different
file. On a RH 8 install, the maximum size of this html file is 9233
bytes. Add 1 or more characters to the html file, and the function
causes a segmentation fault. PHP version is 4.2.2 which comes standard
with RedHat.

Also tested on a Debian 3.1 install, where the max size of the source
html file proved to be 11690 bytes.

Reproduce code:
---------------
function revertComments($fileContent) {
    $pattern = "/<div\s+id=\"?WebEdit\"?\s+comment=\"([^\"]+)\">((?:(?:<div[^>]*>[\d\D]*<\/div>)|[\d\D]*)*)<\/div>/siU";
    $replace = "<!-- #BeginEditable \"\\1\" -->\\2<!-- #EndEditable -->";
    $fileContent = preg_replace($pattern, $replace, $fileContent);
    return $fileContent;
}

Expected result:
----------------
The function should convert the input.

Actual result:
--------------
The script I used was called jjj.php. The output is only part of the
strace. The size of the source html to be converted was 9234 bytes.

open("jjj.php", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=697, ...}) = 0
getcwd("/var/www/html/interselect-r30/testjes", 4096) = 38
lstat64("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www/html", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/var/www/html/interselect-r30", {st_mode=S_IFDIR|0757, st_size=4096, ...}) = 0
lstat64("/var/www/html/interselect-r30/testjes", {st_mode=S_IFDIR|0757, st_size=4096, ...}) = 0
lstat64("/var/www/html/interselect-r30/testjes/jjj.php", {st_mode=S_IFREG|0644, st_size=697, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=697, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001a000
read(3, "<?php\n\n\n\nfunction revertComments"..., 4096) = 697
_llseek(3, 0, [0], SEEK_SET) = 0
brk(0) = 0x824c000
brk(0x8250000) = 0x8250000
ioctl(3, SNDCTL_TMR_TIMEBASE, 0xbfffd1b0) = -1 ENOTTY (Inappropriate ioctl for device)
brk(0) = 0x8250000
brk(0x8251000) = 0x8251000
read(3, "<?php\n\n\n\nfunction revertComments"..., 8192) = 697
read(3, "", 4096) = 0
brk(0) = 0x8251000
brk(0x8252000) = 0x8252000
read(3, "", 8192) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE, 0xbfffc150) = -1 ENOTTY (Inappropriate ioctl for device)
close(3) = 0
munmap(0x4001a000, 4096) = 0
open("/var/www/html/interselect-r30/testjes/content.html", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9235, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001a000
read(3, "<div id=\"WebEdit\" comment=\"wijzi"..., 4096) = 4096
read(3, "to cause problems (at least that"..., 4096) = 4096
read(3, "y frustrated with the lack of pr"..., 4096) = 1043
read(3, "", 4096) = 0
close(3) = 0
munmap(0x4001a000, 4096) = 0
brk(0) = 0x8252000
brk(0x8254000) = 0x8254000
brk(0) = 0x8254000
brk(0x8259000) = 0x8259000
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

The same script with the same html source file but 1 character removed
has more or less the same output as above, but continues (see below)
instead of segfaulting:

open("/var/www/html/interselect-r30/testjes/geconverteerd.html", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001a000
write(3, "<!-- #BeginEditable \"wijzigbare "..., 8192) = 8192
write(3, "rustrated with the lack of progr"..., 1054) = 1054
close(3) = 0
munmap(0x4001a000, 4096) = 0
write(1, "X-Powered-By: PHP/4.2.2", 23X-Powered-By: PHP/4.2.2) = 23
write(1, "\r\n", 2 ) = 2
write(1, "Content-type: text/html", 23Content-type: text/html) = 23
write(1, "\r\n", 2 ) = 2
write(1, "\r\n", 2 ) = 2
setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0
munmap(0x408d6000, 40280) = 0
munmap(0x408e9000, 171372) = 0
munmap(0x40913000, 42104) = 0
munmap(0x4091e000, 42532) = 0
munmap(0x40792000, 797228) = 0
munmap(0x40855000, 76604) = 0
munmap(0x40868000, 384604) = 0
munmap(0x408c6000, 64436) = 0
munmap(0x40014000, 4552) = 0
munmap(0x408e0000, 34836) = 0
munmap(0x40929000, 221952) = 0
munmap(0x40016000, 14392) = 0
munmap(0x40969000, 509688) = 0
_exit(0) = ?

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=26020&edit=1
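
An added example, not part of the bug report and not PHP's own code: one way to do the conversion that revertComments() attempts without the nested-quantifier pattern, by scanning the input once and counting <div> depth. It assumes a current PHP version and that the intent is to pair each WebEdit <div> with its matching </div>; the name revertCommentsLinear and the sample input are constructed here.

```php
<?php
// Added example: regex-light rewrite of revertComments() from the report.
// Assumption: each WebEdit <div> should be paired with its matching </div>.
function revertCommentsLinear(string $html): string
{
    // Same opening-tag prefix as the report's pattern, with no nested groups.
    $open = '/<div\s+id="?WebEdit"?\s+comment="([^"]+)">/i';
    $out = '';
    $pos = 0;
    while (preg_match($open, $html, $m, PREG_OFFSET_CAPTURE, $pos)) {
        $start = $m[0][1];
        $bodyStart = $start + strlen($m[0][0]);
        $scan = $bodyStart;
        $depth = 1;
        $bodyEnd = -1;
        // Walk forward tag by tag; work is linear in the input length.
        while ($depth > 0) {
            $nextOpen = stripos($html, '<div', $scan);
            $nextClose = stripos($html, '</div>', $scan);
            if ($nextClose === false) {
                break; // unbalanced markup: leave the rest untouched
            }
            if ($nextOpen !== false && $nextOpen < $nextClose) {
                $depth++;
                $scan = $nextOpen + 4;
            } else {
                $depth--;
                if ($depth === 0) {
                    $bodyEnd = $nextClose;
                }
                $scan = $nextClose + 6;
            }
        }
        if ($bodyEnd < 0) {
            break;
        }
        $out .= substr($html, $pos, $start - $pos)
              . '<!-- #BeginEditable "' . $m[1][0] . '" -->'
              . substr($html, $bodyStart, $bodyEnd - $bodyStart)
              . '<!-- #EndEditable -->';
        $pos = $scan;
    }
    return $out . substr($html, $pos);
}

// Constructed sample input, not taken from the report's test files.
$sample = '<p>a</p><div id="WebEdit" comment="body">x<div class="n">y</div>z</div><p>b</p>';
echo revertCommentsLinear($sample), "\n";
```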
