#28461 [Opn]: segmentation fault when using backreferences on a long string

Thu, 09 Dec 2004 05:59:20 -0800 

 ID:               28461
 Updated by:       [EMAIL PROTECTED]
 Reported By:      xanthor at xanthor dot tk
 Status:           Open
 Bug Type:         PCRE related
 Operating System: Linux, WindowsXP©
 PHP Version:      4.3.9, 4.3.10RC2, 5.0.2
 New Comment:

This is the standard "PCRE uses on-stack recursion" bug which has been
filed and closed umpteen times.  To reproduce just increase the length
of the string until exhausts your stack space.

One way PHP could mitigate the issue is to to set the match_limit field
in the pcre_extra structure which puts a limit on the depth of the stack
recursion.  


Previous Comments:
------------------------------------------------------------------------

[2004-12-09 14:13:26] xanthor at xanthor dot tk

Still segfault with PHP 4.3.10RC2 and PCRE Library Version      4.5
01-December-2003

------------------------------------------------------------------------

[2004-12-06 16:17:35] [EMAIL PROTECTED]

Can't reproduce with any of dev versions (tried latest 4.3.10-dev,
5.1.0-dev & 5.0.3-dev under Linux). Please, try latest snapshots and
tell me what version of pcre you're using (mine is 3.9) if you're still
able to reproduce it.

------------------------------------------------------------------------

[2004-09-28 10:41:22] xanthor at xanthor dot tk

The regexs still crash PHP 4.3.9 and PHP 5.0.2

------------------------------------------------------------------------

[2004-09-16 15:50:47] [EMAIL PROTECTED]

your last regex crashes PHP 5 also.

The segfault isn't in PHP but in pcre (this is quite normal due to the
NFA nature of pcre).

------------------------------------------------------------------------

[2004-09-10 17:01:41] hewei at ied dot org dot cn

preg_match("/(((?<!aaa).)*)(?<!aaa)aaa/",str_repeat('
',10882).'aaa',$z);

crashes PHP4.3.9RC2

But not on php-4.3.2-11.1.ent (WBEL 3.0), the length
to trigger segmentation fault is about 19230.

The most funny thing is that the more closer to the limit, the more
likely you will get a random segmentation fault.

Not only the above pattern will cause the error,
preg_match("/^( )*$/",str_repeat(' ',19250));
will too.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/28461

-- 
Edit this bug report at http://bugs.php.net/?id=28461&edit=1

Reply via email to